Mobile malware
Mobile malware is malicious software that targets mobile phones or wireless-enabled Personal digital assistants, by causing the collapse of the system and loss or leakage of confidential information. As wireless phones and PDA networks have become more and more common and have grown in complexity, it has become increasingly difficult to ensure their safety and security against electronic attacks in the form of viruses or other malware.
History
Cell phone malware were initially demonstrated by Brazilian software engineer Marcos Velasco. He created a virus that could be used by anyone in order to educate the public of the threat.The first known mobile virus, "Timofonica", originated in Spain and was identified by antivirus labs in Russia and Finland in June 2000. "Timofonica" sent SMS messages to GSM-capable mobile phones that read "Information for you: Telefónica is fooling you." These messages were sent through the Internet SMS gateway of the MoviStar mobile operator.
In June 2004, it was discovered that a company called Ojam had engineered an anti-piracy Trojan hack in older versions of its mobile phone game, Mosquito. This sent SMS texts to the company without the user's knowledge.
In July 2004, computer hobbyists released a proof-of-concept virus Cabir, that infects mobile phones running the Symbian operating system, spreading via Bluetooth wireless.
In March 2005, it was reported that a computer worm called Commwarrior-A had been infecting Symbian series 60 mobile phones. This specific worm replicated itself through the phone's Multimedia Messaging Service, sending copies to contacts listed in the phone user's address book.
In August 2010, Kaspersky Lab reported the trojan Trojan-SMS.AndroidOS.FakePlayer.a. This was the first SMS malware that affected Google's Android operating system, and which sent SMS messages to premium rate numbers without the owner's knowledge, accumulating huge bills.
Currently, various antivirus software companies. Meanwhile, operating system developers try to curb the spread of infections with quality control checks on software and content offered through their digital application distribution platforms, such as Google Play or Apple's App Store. Recent studies however show that mobile antivirus programs are ineffective due to the rapid evolution of mobile malware.
Taxonomy
Many types of common malicious programs are known to affect mobile devices:- Expander: Expanders target mobile meters for additional phone billing and profit
- Worm: The main objective of this stand-alone type of malware is to endlessly reproduce itself and spread to other devices. Worms may also contain harmful and misleading instructions. Mobile worms may be transmitted via text messages SMS or MMS and typically do not require user interaction for execution.
- Trojan: Unlike worms, a Trojan horse always requires user interaction to be activated. This kind of virus is usually inserted into seemingly attractive and non-malicious executable files or applications that are downloaded to the device and executed by the user. Once activated, the malware can cause serious damage by infecting and deactivating other applications or the phone itself, rendering it paralyzed after a certain period of time or a certain number of operations. Usurpation data synchronizes with calendars, email accounts, notes, and any other source of information before it is sent to a remote server.
- Spyware: This malware poses a threat to mobile devices by collecting, using, and spreading a user's personal or sensitive information without the user's consent or knowledge. It is mostly classified into four categories: system monitors, trojans, adware, and tracking cookies.
- Backdoor: Covert method of bypassing security restrictions to gain unauthorized access to a computer system. In simpler words, a backdoor is a piece of code that allows others to go in and out of a system without being detected.
- Dropper: A malware designed to install other programs on a device, unbeknownst to the user. These could include other malicious programs or benign applications that the attacker is interested in spreading.
Notable mobile malicious programs
- Cabir: This malware infects mobile phones running on Symbian OS and was first identified in June 2004. When a phone is infected, the message 'Caribe' is displayed on the phone's screen and is displayed every time the phone is turned on. The worm then attempts to spread to other phones in the area using wireless Bluetooth signals, although the recipient has to confirm this manually.
- Duts: This parasitic file infector virus is the first known virus for the Pocket PC platform. It attempts to infect all EXE files that are larger than 4096 bytes in the current directory.
- Skulls: A trojan horse piece of code that targets mainly Symbian OS. Once downloaded, the virus replaces all phone desktop icons with images of a skull. It also renders all phone applications useless. This malware also tends to mass text messages containing malicious links to all contacts accessible through the device in order to spread the damage. This mass texting can also give rise to high expenses.
- Commwarrior: This malware was identified in 2005. It was the first worm to use MMS messages and can spread through Bluetooth as well. It infects devices running under OS Symbian Series 60. The executable worm file, once launched, hunts for accessible Bluetooth devices and sends the infected files under a random name to various devices.
- Gingermaster: A trojan developed for an Android platform that propagates by installing applications that incorporate a hidden malware for installation in the background. It exploits the frailty in the version Gingerbread of the operating system to use super-user permissions by privileged escalation. It then creates a service that steals information from infected terminals by sending it to a remote server through petitions HTTP.
- DroidKungFu: A trojan content in Android applications, which when executed, obtains root privileges and installs the file com.google. ssearch.apk, which contains a back door that allows files to be removed, open home pages to be supplied, and 'open web and download and install' application packages. This virus collects and sends to a remote server all available data on the terminal.
- Ikee: The first worm known for iOS platforms. It only works on terminals that were previously made a process of jailbreak, and spreads by trying to access other devices using the SSH protocol, first through the subnet that is connected to the device. Then, it repeats the process generating a random range and finally uses some preset ranges corresponding to the IP address of certain telephone companies. Once the computer is infected, the wallpaper is replaced by a photograph of the singer Rick Astley, a reference to the Rickroll phenomenon.
- Gunpoder : This worm file infector virus is the first known virus that officially infected the Google Play Store in few countries, including Brazil.
- Shedun: adware serving malware able to root Android devices.
- HummingBad - Infected over 10 million Android operating systems in 2016. User details were sold and adverts were tapped on without the user's knowledge thereby generating fraudulent advertising revenue.