Mobile Malware, part of the Generation Z

Gabriel Bergel    18 May, 2021

Generation Z or “post Millenials” is the demographic group born between 1994 and 2010, mobile malware was born in 2004 with Cabir, the first virus to affect Symbian Series 60 phones. At the time, Nokia was the market leader in mobile phones, and this malware spread from phone to phone via the Bluetooth OBEX insertion protocol. 

I personally believe that mobile malware was born deliberately with a criminal objective and focused on obtaining money illegally, not like computer malware which is considered to have a link to old school and in particular to electronic disobedience, digital revolution, fame or peer recognition. 

Mobile Malware History 

Once this first malware, known as Cabir, was “released”, it only took a year for virus developers to adapt their malicious techniques for mobile use, and progress was very rapid: 

  • 2005: the first trojan. 
  • 2006: the first data theft. 
  • 2008: the first fake antivirus. This would mark the beginning of the main vector of compromise: fake applications. 
  • From 2012 onwards: mobiles start to be used for cyber-espionage and Android becomes the main target for malware. 
  • In 2013: 98.1% of malware was already targeting Android (source: Kaspersky). 
  • In this area, in 2020 an interesting botnet called Terracotta, based on Android and hosted (of course) on Google Play, perpetrated traffic attacks and fake ads in a peculiar way in both its tactics and techniques. In June, it achieved 2 billion fake requests, with 65,000 phones infected. For more information on what happened in 2020, see the 2020 H2 State of Security Report
  • In 2020, we also learned what happened to Jeff Bezos via WhatsApp on his mobile phone, with a simple message and a malicious RAT file that compromised his mobile phone.  
Figure 1: infographic, history of mobile malware

Mobile Security, The Big Challenge 

Today the mobile phone is the most used, most popular and “most important” technological device in our lives, even more so in pandemic times. However, there is still little awareness when it comes to installing applications, sharing information, connecting to public Wi-Fi networks, etc. Furthermore, we can still find mobile spying applications or services that are marketed completely openly, such as FlexiSpy. Therefore, there is a great challenge and responsibility that requires a lot of attention from people. 

At this point, you must be wondering, what is the main vector that could compromise the security of your mobile phone? The answer is the applications that you install, as you can see in figure 2 below. 

Figure 2: Infographics, main vector used (Source: Pradeo)

Main Mobile Malware 

  • Adware: malware that automatically delivers unwanted or misleading ads, present in websites, applications, pop-up ads, in order to generate profit for its authors or worse. 
  • RAT (Remote Administration Tool): it is a tool for remote administration, but it is also used for non-legitimate purposes, which is why it was renamed Remote Access trojan. 
  • Spyware: Malware that collects information and then transfers this information to an external entity without the owner’s knowledge or consent. 
  • Trojans: malicious software that presents itself as a seemingly legitimate and harmless application, but when executed, performs its malicious action. They are usually hidden. 

Mobile Security Recommendations 

  • Do not jailbreak or root the phone. 
  • Avoid installing third-party applications (validate sources). 
  • Block the installation of programs from unknown sources. 
  • Check the list of applications to find out if suspicious programs have been installed without our consent. 
  • Install an Antivirus and/or Antimalware. 
  • Do not click on or download files from masked, unknown links sent by strangers. 
  • Beware of phishing, smshing, phishing in RRSS, etc. 
  • Read the terms and conditions as if you were a lawyer before accepting them and stop the download process if anything looks like permission to load adware. 
  • Perform security scans and keep updates up to date. 

If you also like to research and analyse malware, I recommend our CARMA platform, a free service provided by our Innovation and Lab area. It provides a free set of samples of malware, adware and other potentially dangerous files collected for the Android operating system. These samples may be used exclusively for research or academic purposes, and their use for any other purpose is strictly prohibited. These sets are intended to provide quality samples that can be used for analysis within expert systems such as Machine Learning, Artificial Intelligence or any method to improve future detection of these types of threats. 

Leave a Reply

Your email address will not be published. Required fields are marked *