The number of threats to mobile devices is skyrocketing along with the growth in handheld sales. Android’s popularity is encouraging criminals to produce a large number of malicious programs for this operating system.

Malicious programs for Android

Modern smartphones and tablets are equipped with operating systems that are packed with features and make tempting targets for cyber criminals. This is evidenced by the steady growth in the number of new malicious programs for handhelds being received by the Dr.Web anti-virus laboratory. Gadgets offer criminals far greater opportunities than PCs do. Many of them are equipped with cameras. All phones have microphones. Some use GPS receivers. All these features come in handy in real-life situations if the device is controlled by its owner. But what happens if criminals take over control of the device?

Today’s malware for mobile devices is already able to:

Gain access to confidential information stored on devices, and steal social networking and remote banking passwords, credit card numbers, etc. Criminals can use this information for blackmail or identity theft, or sell it to a third party (Flexispy, Mobile Spy, Mobistealth, or Android.AntaresSpy.1).

People use mobile devices for work, too. Employees work when commuting or at home, store their corporate data on their personal devices, and access their corporate environment from their handhelds. That's why data theft occurring on personal devices poses a severe threat.


money from bank accounts and exploit online payment processors, send chargeable SMS to premium numbers

Banking Trojans for mobile devices

Programs that intercept SMS with TAN-codes that are used to verify online transactions are particularly dangerous.


Banking Trojan Android.spyeye.2.origin 1. When a user visits a bank site whose address is present in the Trojan horse's configuration file, the malicious program injects contents, such as text and web forms, into the web page. An unsuspecting victim loads a bank page in their browser to access their account and discovers that the bank has introduced new security measures with which they must comply in order to use the online banking client. They are also prompted to download a special application—it contains this Trojan horse.

SMS interceptor Android.Pincer. This malicious program is spread as a security certificate that supposedly must be installed onto an Android device. If started by careless users, Android.Pincer displays a message about the supposedly successful installation of a security certificate on the mobile device. At startup, Android.Pincer.2.origin will connect to a remote server and send it information about the mobile device. Android.Pincer.2 can be employed for targeted attacks and to steal specific short messages from specified numbers, e.g. transaction verification SMS containing mTAN codes.

Lock the phone or facilitate remote control over it:

e.g., bar unwanted incoming calls to disrupt communications when necessary (Android.Plankton, Android.Gongfu (Android.DreamExploid), Android.GoldDream).

Send short messages without user consent and make calls to premium-rate numbers

i.e., cause financial losses (Android.smssend).


Use the device's microphone to record conversations, acquire location data (to determine the user’s presence or absence in certain locations), take photos and record video, track web browsing, and call and messaging history.

Without a proper defence, your mobile phone will no longer belong to you!