Mobile technologies play an increasingly prominent place in modern life. Gradually and banking services move into that area, which is accompanied by new risks. According to expert studies, the vast majority of existing mobile viruses aimed at the platform Android.
"The vast majority of malicious programs focused on the platform Android. If we consider the modern mobile platform iOS, Android and Windows Phone 8, the percentage of threats for Android will reach 99% - says a leading virus analyst ESET Russia Artem Baranov. - There are threats of "old times" for OS Symbian, but their share in comparison with threats for Android is also negligible. For iOS found no more than a couple of dozen malware families. "
Edition Banki listed basic methods of malware on mobile devices.
Methods of infection
Pick up malware on the smartphone can be in many ways. Initially, all the mobile operating systems are protected from intrusion. In order to catch the virus, the user must open the way for him. And people do it surprisingly often.
The fact that many useful programs for mobile phones that are installed through the official app stores are decent money. To be able to put together programs for free download from pirate resources required to perform certain actions on the phone: it's for iOS security breach by jailbreak for Android - permission to install software from untrusted sources.
But this is not enough to become vulnerable. There are many ways to upload to mobile malware, but it set the user must voluntarily. Users need to cheat.
Bogus official app store. In this case, attackers need not deceive as many users as the company that controls the app store (Google Play, App Store, etc.). In case of any App Store app, put in a store, is being scrutinized by experts Apple. And cases of malware there are extremely rare. But in Google Play this happens much more often. Typically, such an application masquerades as a useful tool, but does nothing useful.
As an example is found in the 2012 application Findand Call, supposedly allows you to find the phone number of contact on social networks or email. Actually Findand Call sends its owner a complete list of contacts the victim and sends SMS spam the entire list. Note that the attackers managed to introduce its program not only in Google Play, but also in the App Store. Owners were threatened unbroken iPhone, does not even think about installing Jailbreak.
In this situation, to protect against infection is very difficult, especially if the application is fresh and angry people do not have time to leave their comments. Smartphone default trust applications from the official store, and installation problems will not make. Kind can help set your smartphone anti-virus software, vocal, monitor the activities of applications.
Fake app store side. Often manufacturers of smartphones, tablets and applications create their own app stores. This is especially fond of Chinese companies, such stores are very popular there. In this and other companies are allowed to download your application to the store. Alas, in these stores often applications are not checked at all or only checked automatically using an antivirus that unknown virus, most likely will not be able to catch.
Fake application pirate resource. Everything is simple and clear - anyone can put on a pirate forum or torrent tracker app that looks like a legitimate program.
Legitimate application with embedded malicious code. Relatively new method of infection, up-on the platform Android. Take Angry Birds without advertising, introduced additional code placed in party stores and pirate resources - and success is assured.Application installation package contains a digital signature that seemingly should make it impossible to execute such tricks. Yes, that's a funny thing - not for Android certifying centers. This means that self-signed to sign the package can anyone - check signer nobody.
Sending links to malicious application. This is the most popular method of distribution of mobile malware. For the malware could not be easier: hitting the smartphone, it just sends a list of contacts throughout SMS, MMS, emails, messages through social networks or Skype.The message will contain a link and some enticing text like "Look, find your picture on the net!". Of course, after following a link smartphone report about downloading the installation package and ask for permission to install it. Unfortunately, many people in this situation, just shake the "Install" absolutely not thinking over his actions.
Artem Baranov told about one of these viruses: "Not so long ago, our experts of the virus laboratory in Bratislava warned of a new Trojan Samsapo with functional Bunker. After you install the application under the guise of legal Samsapo circulate around the contact list message in Russian, "It's your photo?" And a link to a malicious ARC file. If your smartphone is infected Samsapo, two-factor authentication will not help protect the funds in the bank account - Trojan intercepts and sends SMS to the remote server from the bank. "
Hacking legitimate sites and placing viruses there. This happens more often than you can imagine. Often administrators popular sites not too concerned about information security, and attackers easily engross their passwords, enter the control system and interfere with the HTML-code pages. If you go to a site with a mobile device, it will look exactly as before, but on your phone or tablet will download the installation package of malware. Naturally, a request to allow the installation will still appear. But, as has been said, it does not stop many.
In most cases, the malicious installation package masquerades update Flash Player, without which it is impossible to fully ostensibly to visit the site or by upgrading your browser version which supposedly outdated. It should be remembered that on mobile platforms no updates are installed as separate programs and downloaded through the official app store.
Bluetooth-contamination. Currently, this method is deprecated and virus writers are almost never used, but a few years ago is often practiced on the platform Symbian. Cabir worm and his descendants were able to include Bluetooth on your phone, search for nearby Bluetooth enabled smartphones with yourself and send to them. However, the user should be able to accept the file.
Extracting money
If you have allowed themselves to be deceived and installed on the smartphone trojan, it appears virtually defenseless against hackers. Even anti-virus software does not always work, as the most advanced malware are able to cope with it. If you are not lucky and you have picked a Trojan-Banker, you can lose your money in several ways.
To start the Trojan tries to determine which bank customer you are. He will send to your server all your SMS messages and a list of applications. Owner Trojan examines the information and establish the bank. If the bank is on the list of interest to the hacker, the Trojan downloads the additional module created for a particular bank. Further there are several possible scenarios.
Payment by SMS mobile account. This is the most popular feature of SMS banking and least protected. Indeed, what could be more innocent - a bank customer transfers money on your mobile bill. No additional passwords and codes is not normally required.
It gets easier with money from the mobile account, you can pay for the service shop dummy, created only to withdraw the funds from foreign accounts, send SMS pack of premium rate numbers or operator commands to transfer money to another room. In this case, in fact, the mobile operator acts as an accomplice, albeit unintentionally. Obtained in this fee (and with SMS to premium rate numbers, the operator can take up to 60% of the amount) to deprive the operator campaigns against such scams any interest.
Transfer money teams SMS banking. Many banks consider the user's phone trusted device. If the number is tied to the account, but still there is a connection identifier to sim card, the phone owner can perform many operations without entering passwords and one-time codes. Note that this sin even highly reputable banks. Thus, got a smartphone, the Trojan sends the bank quietly SMS commands to transfer money to another card. With which of course they will very quickly cashed out at an ATM.
Substitution application interface bank. This is the most cunning and complex in execution method, but it works with applications of any bank. Finding your smartphone mobile banking application, the attacker sends Trojan module interface spoofing. Running the application, the user will see a false picture showed him on top of this. Next, the Trojan gets all the data entered by the user (login and password, SMS codes, etc.), and shows him what he has to see when working with online banking application. The resulting data is transmitted in the present application, but the Trojan can change and the recipient and the type of operation. There should carefully read the text of incoming SMS messages with codes: if you try to pay for Internet access, and the report indicated transfer to a private person - your phone is infected.
Interception SMS codes. Many mobile Trojans are able to retrieve from the phone SMS messages and send them to its owner. Often attackers build a multistep scheme. Infect a computer keystroke logger (Trojan, recording keystrokes), they take possession of the login and password for online banking. Peeped in Internet bank account number of the owner, they send him to a phishing SMS or MMS with reference to mobile Trojan. If the victim succumbed to the hype and installed a Trojan on your smartphone, the offender may fill in any online banking transactions in its account - it will forward disposable codes embedded mobile spy.
How to Get Rid
Find that the phone is infected, it may not be so easy. In some cases, the Trojan does not manifest itself. For example, spyware intercepts the device information and sends it to a remote server without the user's knowledge intruders.
Finally, some malware installed in other unwanted software - they can be seen by the presence of unfamiliar programs in the operating system.
So under suspicious writedowns from the mobile account, the sudden appearance of new icons in the applications menu or push-notification of unknown origin is worth considering.
If you realize that your friend is not quite smart friend or, more precisely, it is not yours, you want to remove the Trojan. The simplest malware can simply uninstall like any other application. Most virus writers is not rocket science, and sophisticated technology to counter the removal of their reach. Scroll down the list of applications suspicious programs that you do not put, and simply remove it - in most cases it helps. If this proves something important-set smartphone - do not worry, the system still does not allow you to delete.
Other, more advanced products cybercrime creativity will not remove themselves so simple.They are protected in different ways, for example, a confirmation dialog uninstall impose its dialogue with the request form "Removal of this application will entail clearing of memory devices." And no cleaning in fact will not sign with text intended to simply block the OK button, which is required to remove the program. In such cases, the antivirus program can help, able to cope with this type of Trojan.
If the Trojan is trained to block attempts by the anti-virus removal, business is bad. But not hopeless! There is always a way out - the so-called hard reset (hardreset). For every smartphone there is a way to fully refund the memory device to its original state. Usually this is done via the settings menu. And here, the Trojan can prevent, but there are always ways to spare: by pressing the function keys (on and adjust the volume) or by connecting to a computer. Alas, all data and installed programs will be lost.