Android malware, The advances of the last few years have improved the quality of our mobile phones, but have also created potential security risks.
Is it possible to install malware on Android devices?
Some users believe that their Android tablets and smartphones are in complete security. The days when hackers were only looking at desktop operating systems are over.
Today, hackers can attack any smart device from desktop and mobile computers to TVs and smartphones. Even virtual reality gadgets, drones and self-driving cars are not immune from the onslaught of these attacks.
A brief history of the process of forming Android malware
In order to gain an accurate understanding of the security risks involved in this area, we first need to examine the history of the formation of Android malware.
Google released the Android operating system in 2008, an operating system that now has 2.5 billion devices.
Hackers were not very interested in Android at first because it wasn’t popular and most users were using Windows computers. At that time, hackers were focused on the popular Symbian operating system.
Over time, and almost since 2010, when Android became a pervasive operating system, it provided the perfect platform for the spread of infections.
The openness of this operating system along with the various Android stores that emerged paved the way for malicious apps to enter the official Android stores.
In 2010, the first Android malware was identified as AndroidOS.DroidSMS.A.
The malware above was an SMS scam program that registered a mobile phone number in SMS services without the user’s knowledge.
In the early days of the service, users were able to choose the type of SMS they would like to receive (news, jokes, weekly ringtones, etc.) and pay for each SMS.
When the user’s phone became infected with the malware above, it automatically subscribed to the services and went through the verification process.
The user was only notified when he had received his cellphone bill that he had joined a texting service. In mid-2010, another malware called TapSnake was detected.
Malware sends the victim’s global positioning device via the HTTP protocol to the phones that had the GPS Spy app installed.
That same year,
another malware called DroidDream was detected. The malware was programmed to be activated only during the period of 11 nights to 8 am, with most users sleeping and not using their device.
The DroidDream malware was a botnet that gained root access to Android devices and stole phones’ unique information.
The malware could download other types of malicious software without the user’s knowledge and allow hackers to gain control of the victim’s device.
Android malware has gradually become ubiquitous
Since 2010, there has been no sign of a decline in the number of malware attacks on Android phones. Most of the Android malware and Android malware release and build kits are published and sold on the Web.
More precisely, any user can enter the web marketplace and purchase malware to harm others. For example, the MazelTov Toolkit, also called the APK Download System, was produced and released in 2015.
The purpose of this toolkit is to upload and distribute malware on Android devices.
The MazelTov release kit allows hackers to take control of infected machines, obtain various statistics on the success rate of malware, and even track their profits from infecting devices. The toolkit sold for $ 3,000 in bitcoin.
Types of Android OS malware
The Android operating system can be infected with various types of malware, but the most common malware are:
Trojan is malware that looks like legal applications and software and looks safe. Trojans are used to collect sensitive data, spyware, delete files, root-level access to the device, download other malware, and more.
2. Key holders
Keyloggers, or more precisely key registrars, are malware that captures keys pressed on a user’s virtual keyboard. More precisely, any key that is touched on the phone’s keyboard is collected by these malware.
the above malware is easily accessible on the web and even ordinary users can find it with a simple search. The above malware is promoted more like parental control tools, and even some software designers advertise it and sell it.
This model of malware is mostly found on computers, but in recent years Android ransomware has also been released. Most Android ransomware encrypts files on phones, but some have the ability to lock the phone’s screen.
In this case, only a message will be displayed on the user’s phone, which must be paid in bitcoin to decrypt.
In Figure 2 you can see an example of a ransomware attack that targeted the owners of smartphones whose language is Russian.
This message informs the user to pay 500 rubles and sends private content to the target audience if the ransom is not paid.
Spyware is another type of malware that is used to eavesdrop. If you are a WhatsApp platform user you are likely to be aware of a WhatsApp spyware attack. An attack that exploited a vulnerability in the program.
Hackers use spyware to access information inside a smartphone similar to contacts, messages and sensitive information and even take control of the user’s microphone and camera.
If you see annoying ads on your phone when you’re surfing the web or using an app, it’s likely that your phone is infected with an ad.
The most important Android malware campaigns identified in 2019
Every year important malware campaigns are identified with the Android operating system, which are among the most influential 9-month campaigns in recent years.
The FileCoder ransom that infects Android 5.1 and up releases through text messages containing a malicious link inside them.
Messages try to convince the user to download an application to simulate images. Once the application is downloaded and installed, all files on the phone will be encrypted and the victim will have to pay $ 94 to $ 188 to retrieve the files.
The aforementioned campaign was identified in April 1989 and has succeeded in killing 150 million users. SimBad is an ad that has been identified by Google in the 2019 Android app at the official Google Store.
The malware works in the form of a promotional kit called RXDrioder, allowing hackers to target users with targeted advertising.
Most shooting and racing games were infested with adware. The ad hides app icons for anonymity so the user can’t easily delete apps. The above ad was able to open a specific URL within the user’s browser to show more ads.
3. Agent Smith
In July of this year, another malware campaign was identified as Agent Smith. The ad succeeded in infecting 25 million Android devices by crossing the security barrier.
Agent Smith showed various ads to users in full-page form and paid hackers for every ad he saw. The ad could identify whatsapp-like social networks, overwrite some of their code, and prevent them from being updated.
The malware was hidden inside certain applications and after installing on the victim’s device mimicked the performance of popular applications such as Google Updater and began the process of code replacement.
The malware was identify in 9 reputable Android stores. The developer of the malware had managed to release 11 applications with the same code inside the polystore store.
BianLian is a bank Trojan that was released early last year. The early version worked as programs such as currency calculator, discount finder, device cleaner from annoying programs, and so on.
Upon authorization, the malware was editing key services of the victim’s device and continued to operate as a key scanner malware to steal bank card information.
The app was perfectly normal and topped the popular apps in the Google Store. In July, a new version of the malware was identified as BianLian.
The new version can take a screenshot of the user screen and send the entered information, including passwords, usernames and credit card numbers, to the hacker.
Monokle is a malware spyware group that was identify in August. The spyware has been active since 2016 and hides in fake applications that function similar to popular Skype, Signal and Evernote applications.
The spyware recovered users’ passwords and turned the user’s phone into an interception device. Another malicious activity is recording malicious phone calls and microphone interception.
6. (MobonoGram (Android.Fakeyouwon
Mobonogram is a malicious program that uses the open source code of the telegram program. The program targeted users in countries where telegram access was not possible.
The malware above could run itself any time the device was launch or after receiving updates. Inside the code were modules to access command and control servers to obtain malicious URLs.
From January 1979 to June 1998, researchers identified 1235 family-related infections of the malware. Before removing the app from the Google Store, Mobonogram released at least 5 updates.
Needless to say, another malicious program was designed and released by the developers of this program, Whatsgram.
How to find malware on Android phones?
Android antivirus can detect malware, if you don’t have antivirus installed on your phone for any reason, there are some warning signs that may help you detect malware.
Early discharge of battery charge faster than normal
If you use an Android phone normally and your usage is not too common, but the battery charge is draining without a reason, the phone may be infected with malware. In some cases, malicious programs can quickly consume the device’s battery.
To fix this, go to the phone’s Settings section, select Battery, and check for applications that use heavy battery power. Make sure the programs shown in this section are real and have no nominal similarity.
Warming and decreasing device performance
If you haven’t seen a change in the way you use your phone and your usage is similar to the past, but your phone is rapidly warming up and running slow or running problems, the phone may be infected with malware.
To analyze this problem, you need to check your data usage and see which applications use more data. Go to Access Settings and then Data and check out all the applications. If you find an overused program, delete it.
Frequent and random display of ads
Repeatedly showing ads even when you’re not doing something is a clear sign of contamination with an ad. The smartphone should not show ads for no reason. Never click on ads, even those that make different promises.
Show SMS and unknown calls
If you receive text messages or unknown calls, your phone may be infected. For example, you may receive a strange message from your audience that encourages you to click on a suspicious link located within the SMS.
Under such circumstances, malware may infect the target phone and send you such a message.
For example, FileCoder ransom infects users by text message. Never reply to unknown calls or messages.
Install anonymous apps on your phone
If you find anonymous apps on your phone that you haven’t installed yourself, quickly remove them. Some malware, like the fake Google Updater instance, tries to infiltrate the user’s phone by imitating the actions of a real application with complete secrecy.
Search for hidden apps
Some malware is install on the user’s phone without installing any icons. To find these apps you need to go to the phone’s Settings section, select Applications, and search for unwanted applications. Quickly remove suspicious programs found in this section.
How to prevent malware from being install on your Android phone?
If we look at some security tips, hackers can’t easily infect our Android phone. Some of the important security tips to keep in mind are:
1. Set the phone password as a pin, pattern or bio-factor
The first security thing to look for in any Android device is to set a strong password or visual pattern. If the phone supports biosensors, you might want to use your fingerprint to unlock the phone.
2. Set the screen off time to less than 30 seconds if disabled
This will ensure that if you leave your phone in place, it will be locked quickly and no one will be able to access it.
3. Do not root the phone
Users try to root the phone to install unofficial applications and install updates themselves on the operating system. Unfortunately, this has many security problems, only if you are a master technician.
4. Get apps only from reputable stores
Downloading apps from miscellaneous and anonymous stores doubles the risk of infection. Google uses robust security mechanisms to evaluate applications. When an app is downloaded and installed from an unofficial store, it actually circumvents Google’s security mechanisms.
5. Remove unused applications
Take some time to clear unused applications. Unused applications not only create security breaches, but also in most cases bring bandwidth to receive multiple updates early to end Internet traffic.
6. Be careful about installing applications
In some cases, users from Android stores download Android apps, but in the meantime some stores are naughty. The user is trying to install one application, but the store places the link of another application first and places the original application link after the ad link. The user installs the sub-program and when he / she finds out he / she is going to download and install the main program and unfortunately does not remove the sub-program.
7. Be careful with the permissions assign
Some applications require the user to access the list of numbers, photos, and contacts, but their performance is not relevant to these segments. These applications are designed to track users’ activities, so it is best not to install such applications.
8. Update the operating system
Operating system and application updates are important because updates are offered to offer new features and patch bugs.
9. Encrypt phone information
Encrypting information on the main memory and memory card prevents personal information from being easily steal. You must go to the Security section of the phone for encryption. Note that the encryption and decryption process will make the phone faster to unload. It’s best to do this when your phone’s battery is charging.
10. Follow Security
News Check out malware releases to find out more about new hackers’ tactics and ways to counter them.
a good antivirus A good antivirus protects your phone from hacker attacks. Thor Mobile Security is a powerful option that detects and removes malware before it gets infecting. This antivirus checks for URLs before opening and prevents a site from opening if it is suspect.
How to remove malware on your phone?
The task of removing malware is antivirus, but in some cases you may have to do it yourself. Undoubtedly, the best solution for removing Android phone viruses is Factor Reset, which will erase all information on the phone and even personal information. In general, to remove malware from your Android phone, follow these steps:
1. Launch the phone in safe mode.
2. Remove suspicious, unused, or outdated programs.
3. Install a secure antivirus on your phone. Google Play Protect is a powerful security mechanism, but it still has some shortcomings. Google Play Protect was test by AV Comparatives Lab in July of this year, earning 83.2% and 28 false positive ratings. That’s why it’s best to think of a powerful antivirus.