What to Do About Mobile Malware Advertising Trojans which Exploit Super-User Rights

What to Do About Mobile Malware Advertising Trojans which Exploit Super-User Rights

Trojans are everywhere in the mobile ecosystem and it is not getting any better. 2016 saw a near-threefold rise in mobile malware detections compared to 2015 – with a total of 8.5 million malicious installations identified. This means that, in the space of just one year, a volume equivalent to 50% of all the malware detected in the previous 11 years (15.77 million in 2004 – 2015) was released.

Leading the way were mobile advertising Trojans which now make up 16 of the top 20 malicious programmes, up from 12 in 2015, according to the findings of Kaspersky Lab annual Mobile Virusology report, which also highlights the evolution of mobile banking Trojans.

These Trojans are capable of seizing rooting rights, allowing the malware to not only aggressively display ads on the infected device, often making it impossible to use, but also to secretly install other applications. These Trojans can also buy apps on Google Play. In many cases, the Trojans were able to exploit previously patched vulnerabilities because the user had not installed the latest update.

Further, this malware simultaneously installs its modules in the system directory, which makes the treatment of the infected device very difficult. Some advertising Trojans are even able to infect the recovery image, making it impossible to solve the problem by restoring the device to factory settings.

Representatives of this class of malicious software have been repeatedly found in the official Google Play app store, for example, masquerading as a guide for Pokemon GO. In this case, the app was downloaded over 500,000 times, and is detected as a Trojan(dot)AndroidOS(dot)Ztorg(dot)ad.

The Dark Web delusion

According to specialist officers from INTERPOL’s Global Complex for Innovation, who have also contributed to the report, the Dark Web remains an attractive medium for conducting illicit businesses and activities. Given its robust anonymity, low prices and client-oriented strategy, the Dark Web provides a means for criminal actors to communicate and engage in commercial transactions, buying and selling various products and services, including mobile malware kits. Mobile malware is offered for sale as software packages (e.g. remote access Trojans – RATs), individual solutions and sophisticated tools, like those developed by professional firms or, on a smaller scale, as part of a ‘Bot as a Service’ model. Mobile malware is also a ‘subject of interest’ on vendor shops, forums and social media.

What You Can Do?

Besides the obvious one of installing effective anti-virus systems in your computing devices, you need to learn to understand your other options. Cybersecurity, especially at enterprise level, has components of policy, management, technology and intelligence. Facyber has created a top-quality platform to make that knowledge transfer possible in Africa and beyond. You can take advantage of the affordable programs to deepen your capabilities today.

Share this post

Post Comment