Threats to the mobile industry come from every direction, and one of the most obvious is malware. The applications that ‘carry’ malicious programs keep evolving in their technology, exploitation techniques, choice of victims, and goals. Most recently, with the rise of cryptocurrency, malware can take advantage of your phone to mine digital money for the attacker's personal gain.
So where is malware heading, and how can it be dealt with? Kaspersky, one of the world’s security companies, named several types of malware likely to be a trend in 2018.
1. Rooting malware
Over the past few years, rooting malware has become the biggest threat to Android users. These Trojans are difficult to detect, their capabilities are constantly increasing, and they have been very popular among cybercriminals. Their primary goal is to show victims as many ads as possible and to secretly install and launch the advertised apps. In some cases, the aggressive display of pop-up ads and the resulting delays in executing user commands can render the device unusable.
Rooting malware usually tries to gain superuser privileges by exploiting system vulnerabilities, which allows it to do almost anything. It can install modules in the system folder, protecting them from being erased. In some cases (Ztorg malware, for example) even a factory reset cannot eliminate this type of malware. It should be noted that this Trojan is also distributed through the Google Play Store. Kaspersky found that nearly 100 applications had been infected by various Ztorg variants. One of them has even been installed more than a million times (according to Google Play Store stats).
Another example is Trojan.AndroidOS.Dvmap.a. This Trojan uses root privileges to inject malicious code into the system runtime libraries. It is also distributed through the Google Play Store and has been downloaded more than 50,000 times.
2. WAP Trojan
WAP billing is a form of mobile payment that charges directly to a user’s mobile phone bill, so the user does not have to register a card or set up a username and password. The mechanism is similar to premium-rate SMS, but Trojans that target WAP billing do not need to send any SMS: they just need to click a button on a web page with WAP billing.
From a user's perspective, pages with WAP billing look like regular web pages. Usually the page contains complete information about the payment and a button. By clicking this button, the user is redirected to a mobile network operator’s server, which may show additional information and request the user’s final decision on the payment by clicking another button. If a user is connected to the Internet via mobile data, the mobile network operator can identify the user. Popular WAP Trojans include Trojan-Clicker.AndroidOS.Ubsoda, Xafekopy, Autosus, and Podec.
3. Dynamic development of banking Trojans
The world of mobile banking, which continued to grow throughout 2017, also ‘offers’ new ways to steal money. Kaspersky discovered a modification of the FakeToken fake banking application that attacks not only financial applications but also apps for ordering taxis, hotels, tickets, etc. This Trojan works by overlaying the application's interface with a phishing window (phishing being a data-theft technique that tricks users into entering important data). Here, the user is asked to enter their bank card details. It should be noted that this request seems very normal to the user, because such apps are designed to make payments and therefore tend to ask for this type of data.
The latest version of the Android operating system includes many different tools designed to prevent malware from performing malicious actions. However, Trojans are constantly looking for ways to bypass these barriers.
In 2017 some striking examples of banking Trojans were found. Modifications of Trojan-Banker.AndroidOS.Svpeng.ae can get past Android security features by using accessibility services, Android functionality designed for creating applications for users with disabilities. The Trojan requests the victim’s permission to use the accessibility service and then grants itself some dynamic permissions that include the ability to send and receive SMS, make calls, and read contacts. The Trojan also adds itself to the device administrator list, thus preventing its own uninstallation. It can also steal data that users enter into other applications by operating like a keylogger (an application that records keystrokes on the keyboard).
In August, Kaspersky found another variant of the Svpeng mobile malware family, which also made use of the Android accessibility service. This modification has different goals: blocking devices, encrypting user files, and demanding a ransom in bitcoin.
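A defender-side triage check for the combination described above (an accessibility service, a device administrator receiver, and SMS, call or contact permissions), added here as an example and not taken from Kaspersky's report or the original article. It assumes the app's manifest has already been decoded to text XML; the package and class names in the sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
# Permissions named in the text: send/receive SMS, make calls, read contacts.
SENSITIVE = {"android.permission." + p for p in
             ("SEND_SMS", "RECEIVE_SMS", "CALL_PHONE", "READ_CONTACTS")}

def triage_manifest(manifest_xml):
    """Summarise accessibility, device-admin and sensitive-permission use."""
    root = ET.fromstring(manifest_xml)
    def guarded_by(tag, permission):
        # Components the system binds to are protected by a BIND_* permission.
        return [el.get(A + "name") for el in root.iter(tag)
                if el.get(A + "permission") == "android.permission." + permission]
    requested = {el.get(A + "name") for el in root.iter("uses-permission")}
    report = {
        "package": root.get("package"),
        "accessibility": guarded_by("service", "BIND_ACCESSIBILITY_SERVICE"),
        "device_admin": guarded_by("receiver", "BIND_DEVICE_ADMIN"),
        "sensitive": sorted(requested & SENSITIVE),
    }
    # All three together match the behaviour described; any one alone is common.
    report["needs_review"] = all(
        report[k] for k in ("accessibility", "device_admin", "sensitive"))
    return report

# Constructed sample manifests (hypothetical package and class names).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashupdate">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.reader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".ScreenReaderService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""
if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(triage_manifest(sample))
```

A legitimate screen reader also declares an accessibility service, which is why the check flags only the combination and leaves the final call to a reviewer.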
Statistics
In 2017, Kaspersky detected 5,730,916 malicious installation packages on mobile devices. This figure is 1.5 times less than the year before, but almost double that of 2015.
Despite the decline in the number of malicious installation packages detected, more mobile malware attacks were recorded in 2017: 42.7 million versus 40 million in 2016.
Meanwhile, Indonesia ranks third in terms of malware attacks, with 41.14% of mobile users exposed to attacks by malicious applications.
Iran ranks first, with more than half of the country's mobile users (57.25%) exposed to malware attacks. Below it is Bangladesh, where 42.76% of mobile users were hit by attacks.