When mobile phones became smarter, viruses were immediately created for them. After all, these devices store a lot of personal information - contacts, messages, passwords, location data, photos.
It is said that SMS viruses even triggered the wave of Arab revolutions in 2011. These malicious programs have literally terrorized our phones.
A Trojan that steals conversations. And how they will use this information further - nobody knows.
Thief of archives. A Trojan called Antammi (Trojan-Spy.AndroidOS.Antammi) was written by Russian programmers. To cover up its malicious activity, it used a harmless-looking application for downloading ringtones. The Trojan is able to steal a large amount of the user's personal information - contacts, GPS coordinates, photos and the archive of SMS messages. The program's log was then forwarded to the fraudsters, and the stolen data was uploaded to their server.
Programs that control smartphones. Recently, programs that seek to take control of our smart mobile devices have become more common. Among the mass of viruses for the Android operating system, backdoors are second only to spyware in popularity. In China, backdoors are effectively mass-produced. Most of these programs contain code that exploits vulnerabilities in the operating system to gain superuser (root) privileges. If that is not possible, they try to obtain the highest privileges they can. As a result, the attacker gets full remote access to all the contents of the smartphone. In other words, after infection the attacker can control the phone at will and launch any application. The most prominent example is the Backdoor.Linux.Foncy backdoor, disguised as an IRC bot. It was discovered in early 2012. The backdoor was packaged inside an APK dropper (Trojan-Dropper.AndroidOS.Foncy). The dropper also contains an exploit (Exploit.Linux.Lotoor.ac) for obtaining root rights on a smartphone and an SMS Trojan (Trojan-SMS.AndroidOS.Foncy). Installing such a package left the mobile device insecure.
A gift from Katya. Who doesn't love receiving gifts? At the beginning of 2011, many users of mobile devices began to regularly receive SMS spam saying that a certain Katya had sent them an MMS gift. As usual, a link was attached from which the gift could supposedly be downloaded. Unsurprisingly, the link led to a JAR file, which was in fact an SMS Trojan. Experts say that such mailings contain links to malicious programs from the Trojan-SMS.J2ME.Smmer family. Their purpose is to send SMS messages to premium numbers without the user's authorization. As a result, the person receives an overwhelming phone bill. The functionality of these Trojans is rather primitive, but given the number of users involved, this simplicity still leads to the infection of a large number of mobile devices.
A wrecker that takes charge from the phone. Until recently, SMS Trojans were aimed mainly at users in Ukraine, Kazakhstan and Russia. But now the ranks of virus writers have been greatly expanded by Chinese authors. They too have learned how to create SMS Trojans and distribute them. However, such programs have not spread in their pure form. The Chinese authors have added the ability to send SMS messages to premium-rate numbers to their other malicious creations. Over time, users in North America and Europe began to be attacked as well. The trailblazer is the GGTracker Trojan, which targeted US users. The app claimed that it would increase battery life. In fact, the user was unwittingly subscribed to a paid service through a series of SMS messages sent from the infected phone.
Spy sending to pay sites. The whole Foncy family of similar programs can be considered another striking example of how Trojans work. The functionality is rather primitive here, but this virus was the first to seriously disturb users in Canada and Western Europe. Over time, improved modifications of the program have attacked phones in the United States, Morocco and Sierra Leone. The Foncy Trojan has two characteristic features. First, it can determine which country the SIM card of the infected device belongs to. Depending on this, it changes the dialing prefix and the number to which the SMS is sent. Second, the Trojan can send reports to the cybercriminals about the work it has done. The principle of the program is simple - without the owner's knowledge, SMS messages are sent to a paid number to pay for certain services. These can be a newsletter, access to content, or ringtones. Usually the phone receives an SMS with a payment confirmation in response, but the Trojan hides it from the person. Foncy is able to forward the confirmation texts, and the short numbers they come from, to its real owner. Initially, this information was sent in a simple SMS message directly to the attacker's number, but newer modifications upload the data directly to the attacker's server.
Paired pest. Programs that run in pairs are especially dangerous. The ZitMo (ZeuS-in-the-Mobile) and SpitMo (SpyEye-in-the-Mobile) Trojans work in conjunction with the regular ZeuS and SpyEye viruses. This is some of the most sophisticated malware found recently. By themselves, ZitMo or SpitMo would have remained ordinary spies engaged in sending SMS messages. But working in tandem with the "classics", ZeuS or SpyEye, the Trojans have allowed cybercriminals to overcome the mTAN barrier that protects banking transactions. The viruses send all incoming messages containing mTANs to the attackers' numbers or to their server. Then, using these codes, the criminals confirm financial transactions carried out from hacked bank accounts. There are versions of SpitMo for Symbian and Android, but ZitMo is much more common. In addition to these two operating systems, it also targets Windows Mobile and BlackBerry OS.
Malicious QR codes. In the modern information world, QR codes are gaining popularity. Indeed, a small picture can encode a whole message that the phone can easily recognize. It's no surprise that QR codes are used in advertisements, business cards, badges, etc. They give you the ability to quickly access the information you need. No one expected malicious QR codes to appear so quickly. Previously, mobile devices were infected through sites where all software was malicious. Such resources were simply teeming with SMS Trojans and links to them. But now cybercriminals have begun to use QR codes as well. The same links to infected resources were encoded in them. This technique was first tested in Russia. The malicious codes hid SMS Trojans for the Android and J2ME platforms.
A revolutionary virus. No, here we are not talking about a fundamentally new type of malware. In 2011, experts noted a large surge in hacker activity. This time, however, the hackers were driven not by the desire to enrich themselves illegally, but by political goals. Even programmers rebelled against the authorities, corporations and government agencies. The emerging threat Trojan-SMS.AndroidOS.Arspam primarily targeted mobile users in Arab countries. An ordinary compass program distributed on Arabic-language forums and resources contained a Trojan horse. It sent links to a forum dedicated to Mohammed Bouazizi to randomly selected phone contacts. This man committed an act of self-immolation in Tunisia, which led to massive unrest in the country and the subsequent revolution. Arspam also tries to determine the code of the country where the smartphone is located. For example, if this value is BH (Bahrain), the program tries to download a PDF file to the device. The file contains the report of an independent commission on human rights violations in that country. The proliferation of such malware did a lot for the 2011 Arab Spring.