{"id":13001,"date":"2018-08-03T02:30:04","date_gmt":"2018-08-03T10:30:04","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/08\/03\/news-6768\/"},"modified":"2018-08-03T02:30:04","modified_gmt":"2018-08-03T10:30:04","slug":"news-6768","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/08\/03\/news-6768\/","title":{"rendered":"Mobile beasts and where to find them \u2014 part two"},"content":{"rendered":"

Credit to Author: Leonid Grustniy| Date: Fri, 03 Aug 2018 09:10:01 +0000<\/strong><\/p>\n

In the last installment<\/a><\/u> of this story about mobile miscreants, we discussed relatively harmless malware that can find its way onto your smartphone or tablet. Today, we will talk about some far more dangerous beasts that are much more likely to leave you out of pocket or phoneless.\"\"<\/a><\/p>\n

Mobile ransomware<\/h2>\n

As we’ve said before, people are so reliant on their smartphones that if access is denied, they will walk over hot coals to get it back. Knowing that, malicious developers create mobile ransomware Trojans to block victims’ devices and demand money to restore access.<\/p>\n

Like its desktop cousin, mobile ransomware is divided into two types: blockers and encryptors. As the names suggest, encryptors encrypt files and blockers block access \u2014 most often by overlaying the screen with a dodgy banner or demanding a PIN.<\/p>\n

Incidentally, mobile malware often encrypts and<\/em><\/em> blocks. That, for example, is how a certain modification of our old friend, the Svpeng<\/a><\/u> Trojan, earns its scratch.<\/p>\n

Whereas desktop blockers have all but disappeared (they are easy to bypass), on mobile devices they are snowballing. For example, 83% of detected ransomware in 2017<\/a><\/u> came from the Congur family of Trojans, which locked victims’ devices with a PIN.<\/p>\n

Like desktop blockers, mobile versions typically accuse the user of having violated some law \u2014 usually by viewing pornography \u2014 and demand payment of a penalty, supposedly to a government agency. Needless to say, the money goes to the attackers. Such malware is most often distributed through porn sites, adding credibility to the accusation in the eyes of some victims.<\/p>\n

Mobile wipers<\/h3>\n

Once more, the clue is in the name: Wipers wipe all files from a victim’s device. For ordinary scammers trying to make money by collecting ransom, wiping user data makes no business sense. Instead, wipers tend to be used in corporate or political knife fights.<\/p>\n

Wipers are encountered far less often on mobile gadgets than on PCs. And even when they do appear on handheld devices, most often they are acting in concert with some other nasty trick. For example, malware under the name Mazar<\/a><\/u> is able not only to delete data, but also to turn a mobile phone into part of a botnet<\/a><\/u> \u2014 a network used for cyberattacks. But we’ll cover the topic of two-in-one pests another time.<\/p>\n

Mobile miners<\/h3>\n

If your smartphone suddenly starts to heat up, slow down, and drain battery quickly, the most likely culprit is a hidden cryptocurrency miner \u2014 these pests, well, secretly mine cryptocurrency for someone else at your expense.<\/p>\n

It’s possible to get infected<\/a><\/u> even in official app stores: such programs are well disguised as bona fide applications fulfilling the specification in the description, all the while mining virtual coins in the background for their creators. Meanwhile, apps downloaded from third-party sources do their best to impersonate system applications. Sometimes, the malware even pretends to be an application to update Google Play itself, for example, HiddenMiner<\/a><\/u>.<\/p>\n

Although miners do not steal your money or wipe your files, the risk should not be underestimated: Excessive load can cause the device not only to slow down and discharge too quickly, but also to overheat catastrophically.<\/p>\n

How to stay protected<\/h3>\n

No matter how unpleasant they may be, most invasions can be guarded against by following just a few rules:<\/p>\n