In the last installment of this story about mobile miscreants, we discussed relatively harmless malware that can find its way onto your smartphone or tablet. Today, we will talk about some far more dangerous beasts that are much more likely to leave you out of pocket or phoneless.
As we’ve said before, people are so reliant on their smartphones that if access is denied, they will walk over hot coals to get it back. Knowing that, malicious developers create mobile ransomware Trojans to block victims’ devices and demand money to restore access.
Like its desktop cousin, mobile ransomware is divided into two types: blockers and encryptors. As the names suggest, encryptors encrypt files and blockers block access — most often by overlaying the screen with a dodgy banner or demanding a PIN.
Incidentally, mobile malware often does both at once, encrypting files and blocking the screen. That, for example, is how a certain modification of our old friend, the Svpeng Trojan, earns its scratch.
Whereas desktop blockers have all but disappeared (they are easy to bypass), on mobile devices they are snowballing. For example, 83% of detected ransomware in 2017 came from the Congur family of Trojans, which locked victims’ devices with a PIN.
Like desktop blockers, mobile versions typically accuse the user of having violated some law — usually by viewing pornography — and demand payment of a penalty, supposedly to a government agency. Needless to say, the money goes to the attackers. Such malware is most often distributed through porn sites, adding credibility to the accusation in the eyes of some victims.
Once more, the clue is in the name: Wipers wipe all files from a victim’s device. For ordinary scammers trying to make money by collecting ransom, wiping user data makes no business sense. Instead, wipers tend to be used in corporate or political knife fights.
Wipers are encountered far less often on mobile gadgets than on PCs. And even when they do appear on handheld devices, most often they are acting in concert with some other nasty trick. For example, malware under the name Mazar is able not only to delete data, but also to turn a mobile phone into part of a botnet — a network used for cyberattacks. But we’ll cover the topic of two-in-one pests another time.
If your smartphone suddenly starts to heat up, slow down, and drain battery quickly, the most likely culprit is a hidden cryptocurrency miner — these pests, well, secretly mine cryptocurrency for someone else at your expense.
It’s possible to get infected even in official app stores: such programs are well disguised as bona fide applications fulfilling the specification in the description, all the while mining virtual coins in the background for their creators. Meanwhile, apps downloaded from third-party sources do their best to impersonate system applications. Sometimes, the malware even pretends to be an application to update Google Play itself, for example, HiddenMiner.
Although miners do not steal your money or wipe your files, the risk should not be underestimated: Excessive load can cause the device not only to slow down and discharge too quickly, but also to overheat catastrophically.
How to stay protected
No matter how unpleasant they may be, most invasions can be guarded against by following just a few rules:
- Install apps only from official stores, such as Google Play or the Amazon Store: It’s not a guarantee, but it considerably lowers your risk of permitting malware onto your device.
- In your device settings, disable installation of apps from third-party sources. This eliminates randomly downloaded threats that attempt to mimic system updates and the like.
- Make regular backups of important data from your device to the cloud, a USB flash drive, or an external hard drive.
- Always install operating system and application updates as soon as they become available — they patch vulnerabilities that criminals can exploit.
- Don’t click on suspicious links in e-mails, texts, or instant messages.
- Protect all mobile devices with a reliable antivirus utility. For example, the paid version of Kaspersky for Android performs real-time analysis of apps, links, and Web pages, and blocks anything that looks suspicious or dangerous.
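The first two rules above (install only from official stores, keep third-party installation switched off) can be audited after the fact: Android records which package installed each app, and `adb shell pm list packages -3 -i` prints that installer for every third-party package. The script below, an added example and not code from the original post or from Kaspersky, parses that output and flags anything that did not come through a store. It assumes the `package:<name>  installer=<installer>` line shape that `pm list packages -i` prints (with `null` where no installer was recorded), treats `com.android.vending` (Google Play) and `com.amazon.venezia` (Amazon Appstore) as trusted store installers, and uses a constructed sample rather than output captured from a real device.

```python
"""Flag sideloaded apps from `adb shell pm list packages -3 -i` output.

Added example, not from the original post. Assumes the line format
`package:<name>  installer=<installer>` and the trusted-store installer
package names listed below.
"""
import re
from typing import Dict, List, Optional

# Installer packages we treat as "official store" (assumption; extend as needed).
TRUSTED_INSTALLERS = frozenset({
    "com.android.vending",  # Google Play
    "com.amazon.venezia",   # Amazon Appstore
})

# One line of `pm list packages -i` output: package name, then installer.
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<inst>\S+)\s*$")

# Constructed sample (not captured from a real device). With -3 only
# third-party packages are listed, so a null installer means sideloaded.
SAMPLE_OUTPUT = """\
package:com.android.chrome  installer=com.android.vending
package:com.example.notes  installer=com.android.vending
package:com.example.sysupdate  installer=null
package:com.example.game  installer=com.android.packageinstaller
"""


def parse_installers(text: str) -> Dict[str, Optional[str]]:
    """Map package name -> installer package (None where pm printed 'null')."""
    result: Dict[str, Optional[str]] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and anything not in the expected shape
        inst = m.group("inst")
        result[m.group("pkg")] = None if inst == "null" else inst
    return result


def find_sideloaded(text: str, trusted=TRUSTED_INSTALLERS) -> List[str]:
    """Return packages whose installer is missing or is not a trusted store."""
    return sorted(
        pkg for pkg, inst in parse_installers(text).items() if inst not in trusted
    )


def summarize(text: str) -> Dict[str, int]:
    """Count packages per installer; '(none)' groups the null-installer apps."""
    counts: Dict[str, int] = {}
    for inst in parse_installers(text).values():
        key = inst or "(none)"
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    # Real use: pipe `adb shell pm list packages -3 -i` into this instead.
    for pkg in find_sideloaded(SAMPLE_OUTPUT):
        print(f"not installed by a trusted store: {pkg}")
    print(summarize(SAMPLE_OUTPUT))
```

A package that appears in this list is not necessarily malicious, but it is exactly the kind of app the "third-party sources" setting is meant to keep out, so each entry is worth a second look, and an app named like a system or Play Store update with no installer recorded is the pattern the post describes for HiddenMiner-style impostors.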