Add Your Heading Text Here

Share it:

Our smartphones and tablets know almost everything about us — from contact details to bank card numbers and current location. This information is a goldmine for cybercriminals. As a result, the Web is full of all kinds of pests out to grab anything lying around (or carelessly typed).

Spyware

Spyware is the name given to programs that, yes, spy on people. Like hidden cryptominers, spyware tries to lie low on your smartphone for as long as possible, which tends to make it very difficult to detect.

Some types of spyware steal data — anything from user names and passwords to photos and geolocation data; other types stick to the spy game, recording audio, shooting videos, and so on.

Here’s what such malware is capable of:

  • Stealing your e-mails and text messages (both SMS and IM) and forwarding them to cybercriminals,
  • Recording phone conversations,
  • Sending your device’s GPS coordinates to scammers,
  • Revealing your browser history and clipboard contents,
  • Stealing personal or work documents, or any files from your phone,
  • Turning on the microphone and/or camera and sending out secretly recorded photos, audio, and video,
  • Stealing social media and online bank account details,
  • Collecting system information.

For example, the Trojan spyware Skygofree starts recording audio when the owner of the infected device is in a place selected by the spyware operators; it also harvests browser history, user names, passwords, and card numbers. It then connects to Wi-Fi all by itself and transfers the booty.

Keyloggers

Spyware can be general-purpose or specialized. For example, keyloggers are malware programs that log keystrokes on the keyboard. Sure, modern phones have only virtual keys, but that’s even better for keyloggers. Some masquerade as alternative keyboards, making it child’s play to pick up what the user taps.

Banking Trojans

Another specialized breed of spyware, banking Trojans steal data linked to bank cards and apps. These monsters are quite popular with hackers because they provide a direct route into other people’s accounts.

Banking Trojans come in a variety of flavors, and in many cases they combine an array of functions. For example, many can overlay the banking app interface with their own, making it seem as though the user is entering data in the banking app while in fact giving it to the Trojan, which logs the details and feeds them into the banking client so that the user suspects nothing. Also, in many cases, mobile banking Trojans intercept SMS messages from banks containing confirmation codes or information about withdrawals.

Source:    Kaspersky Lab