How hackers make their target on mobile users
Wireless technologies are increasingly being integrated into our lives, continue to actively expand the scope of mobile devices for everyday tasks.
Payment services, business correspondence, proof of banking operations “on the go” are commonplace, and themselves smartphones and tablet computers have become a real fount of “tasty” information about their owners, occupy a special niche in the system of values of hackers, hunted on the internet.
To date, attacks on mobile devices in cyber crime are among the most popular, and the number is rapidly growing mobile intruders victims. According to the analytical reports of anti-virus companies, the number of attacks on mobile devices based on Android increased by 4 times compared to the same period of 2012-2013. There is also growing and the number of mobile spam.
The spread of viruses for mobile devices
There are several distribution channels virus programs, the ultimate goal of which are mobile users:
Sending spam messages with a link to the infected file or a Web page via e-mail, SMS or MMS.
Placing on the websites of malicious links that copy the ads, such as “How to lose 10 kilos in 1 day”, “Get Free 150 rubles to the account of a mobile,” and so forth.
The most popular distribution channel of mobile malware is the last option when a hacker breaks into a well-visited website and posted on the pages of the malicious code that redirects the visitor mobile device to a page with an exploit for a specific version of the browser or plugin.
Mobile infection tactics
In both cases, exploited a browser or plug-in vulnerability, when through a specially crafted by a hacker exploit is the introduction of malicious code on your mobile device and fixing the intruder in the system.
Often, however, it also happens that the infection on a mobile phone “entered” the most user-handed. The malicious file hosted on the compromised website, the attacker masquerades under the offer to update the outdated browser and flash player or download to the phone an interesting game. The unsuspecting user installs a malicious application, hereby introducing a Trojan to your device.
The above type of distribution of viruses for mobile phones based on Android became widespread after the freedom was granted to owners of smartphones in relation to self-loading of content not only from the official store but also with other (untrusted) sources.
Types of infections of mobile devices:
Today suspended three types of infections can be identified, were widely spread in the mobile environment:
1. “Banking Trojans”
When a hacker is installed Trojan on phone, you can remotely control the mobile device functions – to intercept and send SMS; manipulate files; activate various functions of a smartphone; control the mobile banking application.
These allow for the manipulation of two-factor authentication or confirm the operation. The main objective of the banking malware – the theft of money from bank accounts of the victim. The special risk – the owners of mobile devices on Android OS.
Recently there were Trojans for mobile devices, which work in tandem with banking Trojans written for a regular computer. “Big Brother” stealing passwords from the client-bank, and “younger” intercepts SMS with confirmation of transactions codes, and report to the command center of a hacker.
2. “Locker ransomware”
A malicious program downloaded to a smartphone, completely blocking the device’s screen. Instead of the usual menu, the user sees a message in which he offered to transfer the money, usually via SMS, for unlocking. The most famous locker – Sam locker for Android. According to the data of the ESET company, 90% of infections by this malware are in Russia and Ukraine.
Sometimes, however, hackers are not limited to only one message and intimidate the victim is much stronger, that is guaranteed to get money for his dishonest work. For example, using the front camera take a picture of the owner of the mobile and at the photo on lock-screen display a message that the device found adult content, which will be immediately handed over to the police if the owner refuses to transfer money to the account of the extortionist.
With private lockers problems faced by owners of mobile devices on Android.
Spyware installed on your mobile phone, collects a variety of data stored or transmitted using the device – user e-mails, text SMS, phone book data, entered passwords, and so on. The resulting information is sent to a hacker attacker via email or on the server.
Spyware is used in targeted attacks against a specific person if you need to collect dirt or other “interesting” information for which you can get the money. Along with this, an attacker can steal passwords from mailboxes, access to the personal account of different sites to capture credit card numbers and other confidential information to the subsequent extortion and blackmail or sale of content to interested parties.
4. “Do not be hacked – not earned”
However, to capitalize on mobile users can be infected without mobile devices. It comes to selling mobile traffic or unfair promotion of goods and services in mobile Internet when the user is entering the desired his website from a smartphone or tablet computer, redirected against his will to the third web resource that is advertised quite a stranger product or service, or user cloyingly offer to subscribe to the paid content. As an example, spam company, aimed at users of WhatsApp app.
Examples of promoted goods and services on the mobile Internet by unscrupulous:
• Subscribe to the media content of the SMS. Movies, music, including access to adult content.
• Selling online access to resources. Unlimited access to file sharing (eg, depositfiles.com), selling access to mobile gaming.
• Sale of goods targeted at mobile users. Internet shops with merchandise for mobile phones, commercial services for mobile users ( “unlock” iPhones, repair of mobile devices, cases for mobile phones, statues, artifacts, advanced mobile games).
• Demonstration of advertising to mobile users. Unauthorized placement on the site pop-up banners, popups, audio and video clips.
There is also the sale of mobile traffic to an outside resource (traffic theft). The site owner who is interested in the mobile Internet audience is the contractor who buys mobile traffic to your site. Dishonest artist or hacker redirects visitors to infected sites to the target site, and the owner pays the above visitors.
How to protect your mobile device from viruses and trojans?
Sadly, often the main perpetrators of hacking and infections are the owners of mobile gadgets, have learned to secure work on the desktop, but still completely ignore the information security rules in the mobile internet. Shifting responsibility for their supposedly peaceful existence on the shoulders of mobile operators, Internet service providers, banks or online stores, mobile users in the literal sense of the word voluntarily “substituted” by malicious cyber attacks.
1. Regularly update the software on the mobile device (browser plug-ins).
2. Update the operating system version immediately after its announcement.
3. Install software only from trusted sources (Windows Phone Store / AppStore / Google Play), and the installation of untrusted – ban.
4. Do not follow links from dubious SMS, MMS, e-mail messages, personal messages in social networks and forums.
5. Install anti-virus protection on the mobile device.