Mobile malware

From Wikipedia, the free encyclopedia
  (Redirected from Mobile virus)
Jump to navigation Jump to search

Mobile malware is malicious software that targets mobile phones or wireless-enabled Personal digital assistants (PDA), by causing the collapse of the system and loss or leakage of confidential information. As wireless phones and PDA networks have become more and more common and have grown in complexity, it has become increasingly difficult to ensure their safety and security against electronic attacks in the form of viruses or other malware.[1]


Cell phone malware were initially demonstrated by Brazilian software engineer Marcos Velasco. He created a virus that could be used by anyone in order to educate the public of the threat.[2]

The first known mobile virus, "Timofonica", originated in Spain and was identified by antivirus labs in Russia and Finland in June 2000. "Timofonica" sent SMS messages to GSM-capable mobile phones that read (in Spanish) "Information for you: Telefónica is fooling you." These messages were sent through the Internet SMS gateway of the MoviStar mobile operator.[3]

In June 2004, it was discovered that a company called Ojam had engineered an anti-piracy Trojan hack in older versions of its mobile phone game, Mosquito. This sent SMS texts to the company without the user's knowledge.

In July 2004, computer hobbyists released a proof-of-concept virus Cabir, that infects mobile phones running the Symbian operating system, spreading via Bluetooth wireless.[4][5]

In March 2005, it was reported that a computer worm called Commwarrior-A had been infecting Symbian series 60 mobile phones.[6] This specific worm replicated itself through the phone's Multimedia Messaging Service (MMS), sending copies to contacts listed in the phone user's address book.

In August 2010, Kaspersky Lab reported the trojan Trojan-SMS.AndroidOS.FakePlayer.a.[7] This was the first SMS malware that affected Google's Android operating system,[8] and which sent SMS messages to premium rate numbers without the owner's knowledge, accumulating huge bills.[9]

Currently, various antivirus software companies offer mobile antivirus software programs. Meanwhile, operating system developers try to curb the spread of infections with quality control checks on software and content offered through their digital application distribution platforms, such as Google Play or Apple's App Store. Recent studies however show that mobile antivirus programs are ineffective due to the rapid evolution of mobile malware.[10]


Many types of common malicious programs are known to affect mobile devices:

  • Expander: Expanders target mobile meters for additional phone billing and profit
  • Worm: The main objective of this stand-alone type of malware is to endlessly reproduce itself and spread to other devices. Worms may also contain harmful and misleading instructions. Mobile worms may be transmitted via text messages SMS or MMS and typically do not require user interaction for execution.[11]
  • Trojan: Unlike worms, a Trojan horse always requires user interaction to be activated. This kind of virus is usually inserted into seemingly attractive and non-malicious executable files or applications that are downloaded to the device and executed by the user. Once activated, the malware can cause serious damage by infecting and deactivating other applications or the phone itself, rendering it paralyzed after a certain period of time or a certain number of operations. Usurpation data (spyware) synchronizes with calendars, email accounts, notes, and any other source of information before it is sent to a remote server.
  • Spyware: This malware poses a threat to mobile devices by collecting, using, and spreading a user's personal or sensitive information without the user's consent or knowledge. It is mostly classified into four categories: system monitors, trojans, adware, and tracking cookies.
  • Backdoor: Covert method of bypassing security restrictions to gain unauthorized access to a computer system. In simpler words, a backdoor is a piece of code that allows others to go in and out of a system without being detected.[12]
  • Dropper: A malware designed to install other programs on a device, unbeknownst to the user. These could include other malicious programs or benign applications that the attacker is interested in spreading (often for financial gain in a malvertising campaign).

Notable mobile malicious programs[edit]

  • Cabir: This malware infects mobile phones running on Symbian OS and was first identified in June 2004. When a phone is infected, the message 'Caribe' is displayed on the phone's screen and is displayed every time the phone is turned on. The worm then attempts to spread to other phones in the area using wireless Bluetooth signals, although the recipient has to confirm this manually.
  • Duts: This parasitic file infector virus is the first known virus for the Pocket PC platform. It attempts to infect all EXE files that are larger than 4096 bytes in the current directory.
  • Skulls: A trojan horse piece of code that targets mainly Symbian OS. Once downloaded, the virus replaces all phone desktop icons with images of a skull. It also renders all phone applications useless. This malware also tends to mass text messages containing malicious links to all contacts accessible through the device in order to spread the damage. This mass texting can also give rise to high expenses.
  • Commwarrior: This malware was identified in 2005. It was the first worm to use MMS messages and can spread through Bluetooth as well. It infects devices running under OS Symbian Series 60. The executable worm file, once launched, hunts for accessible Bluetooth devices and sends the infected files under a random name to various devices.
  • ZitMo: This malware was identified in 2010. An abbreviation of Zeus-In-The-Mobile, it is a trojan that is suggested for installation on a mobile phone by a Zeus-infected computer, and redirects incoming SMSs by acting like a man-in-the-mobile. It was the first mobile malware designed to steal mTAN banking codes.[13] It was originally detected on Symbian, before being identified on Windows Mobile, BlackBerry and Android.
  • Gingermaster: A trojan developed for an Android platform that propagates by installing applications that incorporate a hidden malware for installation in the background. It exploits the frailty in the version Gingerbread (2.3) of the operating system to use super-user permissions by privileged escalation. It then creates a service that steals information from infected terminals (user ID, number SIM, phone number, IMEI, IMSI, screen resolution and local time) by sending it to a remote server through petitions HTTP.
  • DroidKungFu: A trojan content in Android applications, which when executed, obtains root privileges and installs the file ssearch.apk, which contains a back door that allows files to be removed, open home pages to be supplied, and 'open web and download and install' application packages. This virus collects and sends to a remote server all available data on the terminal.
  • Ikee: The first worm known for iOS platforms. It only works on terminals that were previously made a process of jailbreak, and spreads by trying to access other devices using the SSH protocol, first through the subnet that is connected to the device. Then, it repeats the process generating a random range and finally uses some preset ranges corresponding to the IP address of certain telephone companies. Once the computer is infected, the wallpaper is replaced by a photograph of the singer Rick Astley, a reference to the Rickroll phenomenon.
  • Gunpoder : This worm file infector virus is the first known virus that officially infected the Google Play Store in few countries, including Brazil.[14]
  • Shedun: adware serving malware able to root Android devices.
  • HummingBad - Infected over 10 million Android operating systems in 2016. User details were sold and adverts were tapped on without the user's knowledge thereby generating fraudulent advertising revenue.[15]
  • Pegasus: This spyware was identified in August 2016. It exploited three previously undisclosed vulnerabilities in iOS, which when combined allowed for a remote jailbreak of an iOS device, something which had not been seen before for iOS devices in the wild.[16] Once installed, the spyware was capable of many features including logging encrypted messages, activating the phone microphone and secretly tracking phone movements. It was first identified for iOS platforms,[17] before being later identified for Android devices.[18]

See also[edit]


  1. ^ Mobile malware attacks and defense. Dunham, Ken. Burlington, MA: Syngress/Elsevier. 2009. ISBN 9780080949192. OCLC 318353699.CS1 maint: others (link)
  2. ^ Preston Gralla (2005). PC Pest Control: Protect Your Computers from Malicious Internet Invaders. "O'Reilly Media, Inc.". p. 237. ISBN 978-0-596-00926-7.
  3. ^ "Mobile Phones Swamped by E-Mail Virus". 7 June 2000.
  4. ^ Malware Goes Mobile, Mikko Hyppönen, Scientific American, November 2006, pp. 70-77.
  5. ^ Richard Hantula (2009). How Do Cell Phones Work?. Infobase Publishing. p. 27. ISBN 978-1-4381-2805-4.
  6. ^ Computer Virus Timeline (
  7. ^ Android Virus Security Lab
  8. ^ "Information about Smartphone Virus and Prevention tips". Retrieved 2013-01-12.
  9. ^ "First SMS Trojan detected for smartphones running Android". Kaspersky Lab. Retrieved 2010-10-18.
  10. ^ Suarez-Tangil, Guillermo; Juan E. Tapiador; Pedro Peris-Lopez; Arturo Ribagorda (2014). "Evolution, Detection and Analysis of Malware in Smart Devices" (PDF). IEEE Communications Surveys & Tutorials. 16 (2): 961–987. doi:10.1109/SURV.2013.101613.00077. S2CID 5627271. Archived from the original (PDF) on 2017-10-31. Retrieved 2013-11-11.
  11. ^ "How to Remove an Android Virus". Latest Gadget. 2019-03-24. Retrieved 2019-07-15.
  12. ^ "What Is A Backdoor and How to Protect Against It | Safety Detective". Safety Detective. Retrieved 2018-11-22.
  13. ^ "ZeuS-in-the-Mobile – Facts and Theories". Retrieved 2021-04-19.
  14. ^ "Mobile virus hack Google Play user on Brazil".
  15. ^ Samuel Gibbs. "HummingBad malware infects 10m Android devices". Retrieved 2016-07-06.
  16. ^ Brandom, Russell (2016-08-25). "A serious attack on the iPhone was just seen in use for the first time". The Verge. Retrieved 2021-04-22.
  17. ^ "The Million Dollar Dissident: NSO Group's iPhone Zero-Days used against a UAE Human Rights Defender". The Citizen Lab. 2016-08-24. Retrieved 2021-04-22.
  18. ^ "Pegasus for Android: the other side of the story emerges". Retrieved 2021-04-22.

External links[edit]