{"id":12132,"date":"2018-10-22T20:28:40","date_gmt":"2018-10-22T16:28:40","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/mobile-malware-part-4\/12132\/"},"modified":"2019-11-15T15:22:46","modified_gmt":"2019-11-15T11:22:46","slug":"mobile-malware-part-4","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/mobile-malware-part-4\/12132\/","title":{"rendered":"Mobile beasts and where to find them \u2014 part four"},"content":{"rendered":"<ul>\n<li><em><a href=\"https:\/\/www.kaspersky.com\/blog\/mobile-malware-part-1\/22770\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Mobile beasts and where to find them \u2014 part one<\/a>: Adware, subscribers, flooders, DDoSers.<\/em><\/li>\n<li><em><a href=\"https:\/\/www.kaspersky.com\/blog\/mobile-malware-part-two\/23350\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Mobile beasts and where to find them \u2014 part two<\/a>: Ransomware, wipers, miners.<\/em><\/li>\n<li><em><a href=\"https:\/\/www.kaspersky.com\/blog\/mobile-malware-part-3\/23971\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Mobile beasts and where to find them \u2014 part three<\/a>: Spyware, keyloggers, banking Trojans.<\/em><\/li>\n<\/ul>\n<p>In part four of our study of mobile threats, we discuss the most complex and dangerous types of malware \u2014 the ones that not only exploit Android capabilities, but are also able to tune your system to their taste and combine multiple malicious functions.<\/p>\n<h2>RATs \u2014 remote access Trojans<\/h2>\n<p><a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/rat-remote-access-tools\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=termin-explanation&amp;_ga=2.76390038.267654168.1540215705-938421168.1494508493\" target=\"_blank\" rel=\"noopener noreferrer\">RAT<\/a> by name, rat by nature. Remote administration tools (RATs) can be used to connect to a remote device on the network and not only view the screen contents, but also take full control, issuing commands from remote input devices (keyboard\/mouse on a computer; touch screen on a smartphone).<\/p>\n<p>RATs were initially created with good intentions \u2014 to help manage various settings and apps, well, remotely. After all, it is far easier for tech support staff to select the right check boxes and settings themselves rather than trying to explain to the user what to do over the phone \u2014 and even easier for the user.<\/p>\n<p>But in cybercriminals\u2019 hands, RATs are transformed into a formidable weapon: Installing a <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/trojan\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=termin-explanation\" target=\"_blank\" rel=\"noopener noreferrer\">Trojan<\/a> on your smartphone that provides someone with remote access to the gadget is like giving the keys to your apartment to a stranger. The malicious use of RATs is so common that the acronym increasingly stands for \u201cremote access Trojan.\u201d<\/p>\n<p>Having connected to your device through a RAT, hackers can do as they please, including snooping on all your passwords and PINs, logging into banking apps and transferring your money, and subscribing you to unwanted services that quietly eat up funds on your mobile account or credit card \u2014 as well as stealing your mail, social network, and IM accounts to extract money from friends in your name. And that\u2019s after copying all your photos to blackmail you later if any of them happen to be of a private nature.<\/p>\n<p>Typically, RATs are used for spying. Such malware allows jealous husbands or wives to spy on their spouses, but more seriously, it can also be used for stealing corporate secrets. For example, <a href=\"https:\/\/www.zdnet.com\/article\/androrat-new-android-malware-strain-can-hijack-older-phones\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">AndroRAT<\/a> (detected in spring this year) sneakily takes pictures with the smartphone camera and records sound (including telephone conversations). It also steals Wi-Fi passwords based on geolocation. This means that no negotiations are ever confidential, and it makes penetrating the office network a piece of cake.<\/p>\n<h3>Rooting Trojans<\/h3>\n<p>\u201cRoot access\u201d in some operating systems, including Android, is another name for <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/root-access\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=termin-explanation\" target=\"_blank\" rel=\"noopener noreferrer\">superuser rights<\/a>, which allow changes to system folders and files. For regular user tasks, such access is completely unnecessary and disabled by default. But some advanced enthusiasts like to have it to customize the operating system. See our post <a href=\"https:\/\/www.kaspersky.com\/blog\/android-root-faq\/17135\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Rooting your Android: Advantages, disadvantages, and snags<\/a> to learn why you should think twice before doing so.<\/p>\n<p>Some malicious programs, called rooting Trojans, can get root privileges using vulnerabilities in the operating system. Having superuser rights allows cybercriminals to configure your smartphone for their purposes. For example, they can force the device to open full-screen ads. Or install malware or adware in the background, without any notifications.<\/p>\n<p>A favorite rooting malware trick is to secretly delete apps installed on the smartphone and replace them with either phishing or malware-augmented software. Moreover, superuser rights can be used to prevent you from removing malware from your device. No wonder that rooting Trojans are considered today\u2019s most dangerous type of mobile threat.<\/p>\n<h3>Modular Trojans<\/h3>\n<p>Jack-of-all-trades modular Trojans can perform several different malicious actions, either simultaneously or selectively according to the situation. One of the most striking examples of such a Trojan is <a href=\"https:\/\/www.kaspersky.com\/blog\/loapi-trojan\/20510\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Loapi<\/a>, detected in late 2017. As soon as it penetrates a victim\u2019s device, it immediately ensures its own safety by requesting administrator rights \u2014 and it won\u2019t take no for an answer; if it is refused, the dialog window pops up again and again, preventing the smartphone from being used. And if access is granted, it becomes impossible to remove Loapi from the device.<\/p>\n<p>The Trojan then launches any one of five modules. It can display ads, subscribe the user to paid content by following links, carry out <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/ddos-distributed-denial-of-service-attack\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=termin-explanation\" target=\"_blank\" rel=\"noopener noreferrer\">DDoS attacks<\/a> on command from a remote server, and forward SMS messages to cybercriminals, concealing them so that the user does not notice malicious transactions.<\/p>\n<p>And in its spare time, when not engaged with these important tasks, the Trojan stealthily mines cryptocurrency, most often when the smartphone is connected to a power outlet or external battery. Mining is a complex computational process that gobbles up energy and resources, so the battery takes a very long time to charge. This can have fatal consequences for phones: Our experts discovered firsthand that a <a href=\"https:\/\/securelist.com\/jack-of-all-trades\/83470\/\" target=\"_blank\" rel=\"noopener noreferrer\">couple of days of Loapi activity<\/a> is enough to ruin a smartphone battery through overheating.<\/p>\n<h3>How to defend against the worst Android malware<\/h3>\n<p>As you can see, the dangers posed by RATs, rooting Trojans, and modular malware are serious. But you can guard against them. Here are some simple rules:<\/p>\n<ul>\n<li>First of all, <a href=\"https:\/\/www.kaspersky.com\/blog\/android-8-permissions-guide\/23981\/%2523install-unknown-apps\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">block app installs from unknown sources<\/a>. This option is disabled in Android by default, and it should stay that way. It is no panacea, but it does solve most problems associated with mobile Trojans.<\/li>\n<li>Do not try to skimp by downloading hacked versions of apps. Many of them are infected.<\/li>\n<li>Do not click on links promising the moon. <a href=\"https:\/\/www.kaspersky.com\/blog\/new-airline-tickets-scam\/22179\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">WhatsApp offers of free airline tickets<\/a> are usually just an attempt to steal your personal data, and they download malware to your smartphone as a bonus. The same applies to phishing, including <a href=\"https:\/\/securelist.com\/the-rise-of-mobile-banker-asacub\/87591\/\" target=\"_blank\" rel=\"noopener noreferrer\">texts from friends<\/a> or strangers containing \u201cIs this your photo?\u201d-type messages.<\/li>\n<li>Do not ignore updates for Android and apps installed on your device. Updates patch holes through which attackers can sneak into your smartphone.<\/li>\n<li>Check what rights apps are asking for, and do not be afraid to refuse <a href=\"https:\/\/www.kaspersky.com\/blog\/android-8-permissions-guide\/23981\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">access to personal information and potentially dangerous functions in Android<\/a> \u2014 in most cases, nothing terrible will happen if such requests are denied.<\/li>\n<li>Put a good antivirus on your smartphone. For example, <a href=\"https:\/\/me-en.kaspersky.com\/mobile-security?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2c_kdaily_wpplaceholder_sm-team___kisa____3d7d2c33c4c17a10\" target=\"_blank\" rel=\"noopener\">Kaspersky for Android<\/a> not only finds and removes Trojans, but also blocks websites with malware and mobile subscriptions.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>We explain the types of malware that can take control of your device, and the dangers of multifunctional infection.<\/p>\n","protected":false},"author":540,"featured_media":12133,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1486,9],"tags":[105,1943,1603,181,1944,714,1945,409,45,521,692],"class_list":{"0":"post-12132","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"category-tips","9":"tag-android","10":"tag-androrat","11":"tag-loapi","12":"tag-mobile-apps","13":"tag-modular-trojans","14":"tag-rat","15":"tag-root","16":"tag-rooting","17":"tag-smartphones","18":"tag-threats","19":"tag-trojans"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/mobile-malware-part-4\/12132\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/mobile-malware-part-4\/14508\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/mobile-malware-part-4\/16441\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/mobile-malware-part-4\/14637\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/mobile-malware-part-4\/13579\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/mobile-malware-part-4\/17232\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/mobile-malware-part-4\/16511\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/mobile-malware-part-4\/21523\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/mobile-malware-part-4\/5390\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/mobile-malware-part-4\/24290\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/mobile-malware-part-4\/11098\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/mobile-malware-part-4\/11127\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/mobile-malware-part-4\/9933\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/mobile-malware-part-4\/17990\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/mobile-malware-part-4\/21850\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/mobile-malware-part-4\/23862\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/mobile-malware-part-4\/17521\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/mobile-malware-part-4\/21384\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/mobile-malware-part-4\/21389\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/android\/","name":"Android"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/12132","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/540"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=12132"}],"version-history":[{"count":3,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/12132\/revisions"}],"predecessor-version":[{"id":14580,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/12132\/revisions\/14580"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/12133"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=12132"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=12132"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=12132"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}