Mobile malware is malicious software that targets mobile phones or wireless-enabled Personal digital assistants (PDA), by causing the collapse of the system and loss or leakage of confidential information. As wireless phones and PDA networks have become more and more common and have grown in complexity, it has become increasingly difficult to ensure their safety and security against electronic attacks in the form of viruses or other malware.[1]
| This article needs additional citations for verification. (April 2009) |
The first known virus that affected mobiles, "Timofonica", originated in Spain and was identified by antivirus labs in Russia and Finland in June 2000. "Timofonica" sent SMS messages to GSM-capable mobile phones that read (in Spanish) "Information for you: Telefónica is fooling you." These messages were sent through the Internet SMS gateway of the MoviStar mobile operator. "Timofonica" ran on PCs and did not run on mobile devices so was not a true mobile malware[2]
In June 2004, it was discovered that a company called Ojam had engineered an anti-piracy Trojan hack in older versions of its mobile phone game, Mosquito. This sent SMS texts to the company without the user's knowledge.
In July 2004, computer hobbyists released a proof-of-concept virus Cabir, that infects mobile phones running the Symbian operating system, spreading via Bluetooth wireless.[3][4] This was the first true mobile malware[5]
In March 2005, it was reported that a computer worm called Commwarrior-A had been infecting Symbian series 60 mobile phones.[6] This specific worm replicated itself through the phone's Multimedia Messaging Service (MMS), sending copies to contacts listed in the phone user's address book.
In August 2010, Kaspersky Lab reported the trojan Trojan-SMS.AndroidOS.FakePlayer.a.[7] This was the first SMS malware that affected Google's Android operating system,[8] and which sent SMS messages to premium rate numbers without the owner's knowledge, accumulating huge bills.[9]
Currently, various antivirus software companies offer mobile antivirus software programs. Meanwhile, operating system developers try to curb the spread of infections with quality control checks on software and content offered through their digital application distribution platforms, such as Google Play or Apple's App Store. Recent studies however show that mobile antivirus programs are ineffective due to the rapid evolution of mobile malware.[10]
In recent years, deep learning algorithms have also been adopted for mobile malware detection.[11]
Many types of common malicious programs are known to affect mobile devices:
- Expander: Expanders target mobile meters for additional phone billing and profit.
- Worm: The main objective of this stand-alone type of malware is to endlessly reproduce itself and spread to other devices. Worms may also contain harmful and misleading instructions. Mobile worms may be transmitted via text messages SMS or MMS and typically do not require user interaction for execution.[12]
- Trojan: Unlike worms, a Trojan horse always requires user interaction to be activated. This kind of virus is usually inserted into seemingly attractive and non-malicious executable files or applications that are downloaded to the device and executed by the user. Once activated, the malware can cause serious damage by infecting and deactivating other applications or the phone itself, rendering it paralyzed after a certain period of time or a certain number of operations. Usurpation data (spyware) synchronizes with calendars, email accounts, notes, and any other source of information before it is sent to a remote server.
In fact, with increase in creation of viruses & malwares like Trojan Horse, the camera crashing or camfecting issues are becoming quite common.[13]
- Spyware: This malware poses a threat to mobile devices by collecting, using, and illegally spreading a user's personal or sensitive information without the user's consent or knowledge. It is mostly classified into four categories: system monitors, trojans, adware, and tracking cookies.[14]
- Backdoor: Covert method of bypassing security restrictions to gain unauthorized access to a computer system. In simpler words, a backdoor is a piece of code that allows others to go in and out of a system without being detected.[15]
- Dropper: A malware designed to secretly install other programs on a device, unbeknownst to the user. These could include other malicious programs or benign applications that the attacker is interested in spreading (often for financial gain in a [malvertising] campaign).
- Autolycos: This is the latest malware family to be discovered that subscribes users against their will and without their knowledge to premium services. Autolycos was identified in July 2022 by malware experts at cybersecurity firm Evina.[16]
- Joker Malware: This malware infects mobile phones running on Android OS and was first identified in June 2017.[17] When a phone is infected, usually information is stolen by malware makers. Few users have reported of unwanted online subscriptions which is because malware is created to steal otp, make online transactions, etc.
- Cabir: This malware infects mobile phones running on Symbian OS and was first identified in June 2004. When a phone is infected, the message 'Caribe' is displayed on the phone's screen and is displayed every time the phone is turned on. The worm then attempts to spread to other phones in the area using wireless Bluetooth signals, although the recipient has to confirm this manually.
- Duts: This parasitic file infector virus is the first known virus for the Pocket PC platform. It attempts to infect all EXE files that are larger than 4096 bytes in the current directory.
- Skulls: A trojan horse piece of 0 9amcode that targets mainly Symbian OS. Once downloaded, the virus replaces all phone desktop icons with images of a skull. It also renders all phone applications useless. This malware also tends to mass text messages containing malicious links to all contacts accessible through the device in order to spread the damage. This mass texting can also give rise to high expenses.
- Commwarrior: This malware was identified in 2005. It was the first worm to use MMS messages and can spread through Bluetooth as well. It infects devices running under OS Symbian Series 60. The executable worm file, once launched, hunts for accessible Bluetooth devices and sends the infected files under a random name to various devices.
- FlexiSpy: Stalkerware software that was first developed in 2006.[18] Initially designed for Symbian OS, it was classified as malware by an anti-virus vendor in 2007.[19] It is now available for Android and iOS.[20] It can be used to track locations, read WhatsApp and SMS messages, listen in to ambient conversations, intercept phone calls and other abilities.[21]
- HatiHati: A worm-like software for Symbian OS devices, first identified in 2007.[22] HatiHati was a pirated copy of the beta version of an anti-theft software for Symbian OS called Guardian.[23] It had a number of flaws that meant it acted like a worm by copying itself to any memory card inserted into the mobile, and once in a mobile device the application sent many alerts SMS to a given set of numbers.[24] Volumes of up to 12% of the total SMS in a mobile operator in the Middle East could be attributed to the malware.[25]
- ZitMo: This malware was identified in 2010. An abbreviation of Zeus-In-The-Mobile, it is a trojan that is suggested for installation on a mobile phone by a Zeus-infected computer, and redirects incoming SMSs by acting like a man-in-the-mobile. It was the first mobile malware designed to steal mTAN banking codes.[26] It was originally detected on Symbian, before being identified on Windows Mobile, BlackBerry and Android.
- GingerMaster: A trojan developed for an Android platform that propagates by installing applications that incorporate a hidden malware for installation in the background. It exploits the frailty in the version Gingerbread (2.3) of the operating system to use super-user permissions by privileged escalation. It then creates a service that steals information from infected terminals (user ID, number SIM, phone number, IMEI, IMSI, screen resolution and local time) by sending it to a remote server through petitions HTTP.
- DroidKungFu: A trojan content in Android applications, which when executed, obtains root privileges and installs the file com.google. ssearch.apk, which contains a back door that allows files to be removed, open home pages to be supplied, and 'open web and download and install' application packages. This virus collects and sends to a remote server all available data on the terminal.
- Ikee: The first worm known for iOS platforms, identified in 2009.[27] It only works on terminals that were previously made a process of jailbreak, and spreads by trying to access other devices using the SSH protocol, first through the subnet that is connected to the device. Then, it repeats the process generating a random range and finally uses some preset ranges corresponding to the IP address of certain telephone companies. Once the computer is infected, the wallpaper is replaced by a photograph of the singer Rick Astley, a reference to the Rickroll phenomenon.
- Samsapo: The first worm known for Android platforms, identified in April 2014.[28] The worm was targeted mostly against Russian Android users. Once a device was infected the malware could act like spyware, as well as do other actions like download additional malicious files, send SMSs to premium rate numbers and block phone calls.[29]
- Gunpoder: This worm file infector virus is the first known virus that officially infected the Google Play Store in few countries, including Brazil.[30]
- Shedun: adware serving malware able to root Android devices.
- HummingBad: Infected over 10 million Android operating systems in 2016. User details were sold and adverts were tapped on without the user's knowledge thereby generating fraudulent advertising revenue.[31]
- Pegasus: This spyware was identified in August 2016. It exploited three previously undisclosed vulnerabilities in iOS, which when combined allowed for a remote jailbreak of an iOS device, something which had not been seen before for iOS devices in the wild.[32] Once installed, the spyware was capable of many features including logging encrypted messages, activating the phone microphone and secretly tracking phone movements. It was first identified for iOS platforms,[33] before being later identified for Android devices.[34]
Catal, Cagatay (2022). "Applications of deep learning for mobile malware detection : A systematic literature review". EBSCOhost Military and Government Collection. 34 (2): 1007–1032.