Towards the end of 2021, experts detected a sharp drop in the shipment of malware, but according to a report, we are seeing an increase of up to 500% in this type of virus for mobile devices.
The most consistent increase has been seen especially in ‘ smishing’ attempts, a phishing-type malware that is transmitted via SMS or text messages. In essence, a smishing link will attempt to trick the user into entering their credentials on a fake login page, thereby stealing their passwords, bank details, and sensitive personal information.
The 5 most common malware for mobile devices
According to Proofpoint’s Cloudmark Mobile Threat Research report, attacks are carried out from regions around the world, using different social engineering techniques and attack vectors to deliver malware to the user’s device.
When it comes to smishing, the most buoyant type of smartphone virus today, these are the main malware families that use SMS as their main threat vector.
Flubot
This worm-like malware was first identified in Spain in November 2020. FluBot spreads by accessing the device’s contact list and sending all information and phone numbers to a command and control (C&C) server. From there, that server is responsible for sending new infected messages to the numbers on the contact list.
Once it has infected the FluBot device, it can access the internet, read and send messages, read notifications, make voice calls, and even remove other applications. Furthermore, when the user uses other selected applications, this malware overlays a screen designed to steal the usernames and passwords of banks, stockbrokers and the like.
TeaBot
TeaBot is a multifunctional Trojan first detected in Italy, capable of stealing credentials and messages. This virus also allows the attacker to transmit the screen content of the infected device.
TeaBot’s speciality is bank details, which is why it is preconfigured to steal credentials through more than 60 European banks, as well as being adapted for several languages. It has mainly been aimed at financial institutions in Spain and Germany.
TeaBot’s propagation method is via SMS text messages very similar to FluBot’s, allowing it to compromise accounts and steal funds from victims.
TangleBot
Powerful and elusive malware that spreads mainly through fake package delivery notifications (such as Amazon and other online stores). This virus was originally detected in North America in 2021 and has recently also appeared in Turkey, although its attacks remain rare.
In addition to its ability to remotely control devices and overlay other mobile apps for data theft, TangleBot is also capable of intercepting the camera and microphone of the infected device.
Moqhao
Moqhao is another SMS-based malware deployed by the Roaming Mantis cybercriminal group. It has been detected in several Asian countries such as Japan, China, India and Russia, and more recently it has also appeared in France and Germany.
The attacks are multilingual, and the target web pages are adapted to the recipient’s language. This virus is a functional remote access Trojan with espionage and exfiltration features, capable of monitoring device communications.
BRATA
BRATA is mobile banking malware primarily targeting Italian bank customers and uses SMS messages to trick the user into downloading a fake security app.
Once installed, BRATA can record phone screen activity and insert app overlays to steal the victim’s credentials.
BRATA currently has 3 variants, BRATA.A, BRATA.B and BRATA.C, each one more harmful, being even capable of resetting the user’s mobile so as not to leave footprints. In recent months, in addition to Italy, it has also been deployed in other countries such as Spain, Latin America, Poland, China and the United Kingdom.
Protect your Android against malware attacks
Android is the main operating system targeted by these malware attacks.
The best thing you can do to avoid falling for this type of deception is to be suspicious of any unsolicited SMS, not to click on any link or provide any personal data through these channels, and if in doubt, always contact your bank.
