
Mobile beasts and where to find them — part four

Tom Grant
Last updated: 13 October
  • Mobile beasts and where to find them — part one: Adware, subscribers, flooders, DDoSers.
  • Mobile beasts and where to find them — part two: Ransomware, wipers, miners.
  • Mobile beasts and where to find them — part three: Spyware, keyloggers, banking Trojans.

In part four of our study of mobile threats, we discuss the most complex and dangerous types of malware — the ones that not only exploit Android capabilities, but are also able to tune your system to their taste and combine multiple malicious functions.

Contents

  • RATs — remote access Trojans
  • Rooting Trojans
  • Modular Trojans
  • How to defend against the worst Android malware

RATs — remote access Trojans

RAT by name, rat by nature. Remote administration tools (RATs) can be used to connect to a remote device on the network and not only view the screen contents, but also take full control, issuing commands from remote input devices (keyboard/mouse on a computer; touch screen on a smartphone).

RATs were initially created with good intentions — to help manage various settings and apps, well, remotely. After all, it is far easier for tech support staff to select the right check boxes and settings themselves rather than trying to explain to the user what to do over the phone — and even easier for the user.

But in cybercriminals’ hands, RATs are transformed into a formidable weapon: Installing a Trojan on your smartphone that provides someone with remote access to the gadget is like giving the keys to your apartment to a stranger. The malicious use of RATs is so common that the acronym increasingly stands for “remote access Trojan.”

Having connected to your device through a RAT, hackers can do as they please, including snooping on all your passwords and PINs, logging into banking apps and transferring your money, and subscribing you to unwanted services that quietly eat up funds on your mobile account or credit card — as well as stealing your mail, social network, and IM accounts to extract money from friends in your name. And that’s after copying all your photos to blackmail you later if any of them happen to be of a private nature.

Typically, RATs are used for spying. Such malware allows jealous husbands or wives to spy on their spouses, but more seriously, it can also be used for stealing corporate secrets. For example, AndroRAT (detected in spring this year) sneakily takes pictures with the smartphone camera and records sound (including telephone conversations). It also steals Wi-Fi passwords based on geolocation. This means that no negotiations are ever confidential, and it makes penetrating the office network a piece of cake.

Rooting Trojans

“Root access” in some operating systems, including Android, is another name for superuser rights, which allow changes to system folders and files. For regular user tasks, such access is completely unnecessary and disabled by default. But some advanced enthusiasts like to have it to customize the operating system. See our post Rooting your Android: Advantages, disadvantages, and snags to learn why you should think twice before doing so.

Some malicious programs, called rooting Trojans, can get root privileges using vulnerabilities in the operating system. Having superuser rights allows cybercriminals to configure your smartphone for their purposes. For example, they can force the device to open full-screen ads. Or install malware or adware in the background, without any notifications.

A favorite rooting malware trick is to secretly delete apps installed on the smartphone and replace them with either phishing or malware-augmented software. Moreover, superuser rights can be used to prevent you from removing malware from your device. No wonder that rooting Trojans are considered today’s most dangerous type of mobile threat.

Modular Trojans

Jack-of-all-trades modular Trojans can perform several different malicious actions, either simultaneously or selectively according to the situation. One of the most striking examples of such a Trojan is Loapi, detected in late 2017. As soon as it penetrates a victim’s device, it immediately ensures its own safety by requesting administrator rights — and it won’t take no for an answer; if it is refused, the dialog window pops up again and again, preventing the smartphone from being used. And if access is granted, it becomes impossible to remove Loapi from the device.

The Trojan then launches any one of five modules. It can display ads, subscribe the user to paid content by following links, carry out DDoS attacks on command from a remote server, and forward SMS messages to cybercriminals, concealing them so that the user does not notice malicious transactions.

And in its spare time, when not engaged with these important tasks, the Trojan stealthily mines cryptocurrency, most often when the smartphone is connected to a power outlet or external battery. Mining is a complex computational process that gobbles up energy and resources, so the battery takes a very long time to charge. This can have fatal consequences for phones: Our experts discovered firsthand that a couple of days of Loapi activity is enough to ruin a smartphone battery through overheating.

How to defend against the worst Android malware

As you can see, the dangers posed by RATs, rooting Trojans, and modular malware are serious. But you can guard against them. Here are some simple rules:

  • First of all, block app installs from unknown sources. This option is disabled in Android by default, and it should stay that way. It is no panacea, but it does solve most problems associated with mobile Trojans.
  • Do not try to skimp by downloading hacked versions of apps. Many of them are infected.
  • Do not click on links promising the moon. WhatsApp offers of free airline tickets are usually just an attempt to steal your personal data, and they download malware to your smartphone as a bonus. The same applies to phishing, including texts from friends or strangers containing “Is this your photo?”-type messages.
  • Do not ignore updates for Android and apps installed on your device. Updates patch holes through which attackers can sneak into your smartphone.
  • Check what rights apps are asking for, and do not be afraid to refuse access to personal information and potentially dangerous functions in Android — in most cases, nothing terrible will happen if such requests are denied.
  • Put a good antivirus on your smartphone. For example, Kaspersky Internet Security for Android not only finds and removes Trojans, but also blocks websites with malware and mobile subscriptions.
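
The install-source and permission checks from the list above, as an added example (not part of the original article): a Python triage of an app inventory. The inventory is constructed sample data and the weights and threshold are illustrative assumptions; the permission names and the `com.android.vending` installer id are real Android identifiers.

```python
PLAY_STORE = "com.android.vending"  # installer package id of Google Play
P = "android.permission."

# Permission groups matching behaviours the article describes.
SPY_PERMS = {P + "CAMERA", P + "RECORD_AUDIO", P + "ACCESS_FINE_LOCATION"}
SMS_PERMS = {P + "READ_SMS", P + "RECEIVE_SMS", P + "SEND_SMS"}

# Illustrative weights and threshold (assumptions, not from the article).
WEIGHTS = {"sideloaded": 2, "device_admin": 2, "spy_set": 1, "sms": 1}
REVIEW_THRESHOLD = 3


def triage(app):
    """Return the findings that apply to one app record."""
    perms = set(app.get("permissions", []))
    findings = []
    # Preinstalled system apps also lack a store installer; a real audit
    # would exclude them first. This example has none in its sample data.
    if app.get("installer") != PLAY_STORE:
        findings.append("sideloaded")
    if app.get("device_admin", False):  # admin rights block uninstall
        findings.append("device_admin")
    if SPY_PERMS <= perms:              # camera + microphone + location
        findings.append("spy_set")
    if perms & SMS_PERMS:               # can read, intercept or send SMS
        findings.append("sms")
    return findings


def score(app):
    return sum(WEIGHTS[f] for f in triage(app))


def needs_review(inventory):
    """Apps at or above the threshold, highest score first."""
    flagged = [a for a in inventory if score(a) >= REVIEW_THRESHOLD]
    flagged.sort(key=lambda a: (-score(a), a["package"]))
    return [(a["package"], score(a), triage(a)) for a in flagged]


# Constructed sample inventory (hypothetical package names).
SAMPLE_INVENTORY = [
    {"package": "com.example.flashlight", "installer": None, "device_admin": True,
     "permissions": sorted(SPY_PERMS) + [P + "READ_SMS"]},
    {"package": "com.example.camera", "installer": PLAY_STORE,
     "permissions": sorted(SPY_PERMS)},
    {"package": "com.example.mdm", "installer": PLAY_STORE, "device_admin": True},
    {"package": "com.example.game.cracked", "installer": "com.example.thirdstore",
     "permissions": [P + "SEND_SMS"]},
]

if __name__ == "__main__":
    for pkg, s, why in needs_review(SAMPLE_INVENTORY):
        print(f"{pkg}: score {s} ({', '.join(why)})")
```

A store-installed camera app or a managed-device agent stays below the threshold on its own; it is the combination with an unknown install source or administrator rights that raises an app for review.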

Source: kaspersky.com

TAGGED: Malware, Phishing, PoC, RC4, RTF, Security, Software, SQL injection, Threat, Threats, Trojan, Vulnerabilities, WhatsApp
Tom Grant October 13, 2022 October 7, 2022