Is it possible to catch a virus on your phone? Restricting access to data


09.07.2022

A phone is no less susceptible to malicious attacks than a computer. To minimize the risk of intrusion, use an antivirus. Has the problem already made itself felt? Read on to learn how to remove viruses from your phone using Kaspersky for Android.

Kaspersky for Android: main features

Internet Security from Kaspersky Lab for Android tablets and smartphones is free, highly reliable antivirus software that guarantees reliable protection of personal data on the device. Enable access protection for the applications you use and be sure of the security of your mobile phone. The software will quickly find viruses and put them in Quarantine.

Advantages of Kaspersky antivirus:

  • Availability of background scanning - run system testing for threats when it is convenient for you.
  • Maximum reliability – detected threats are blocked automatically.
  • Application blocking function – you set a secret code to protect personal information.
  • Anti-phishing – protecting personal data when paying for goods and services on the Internet.
  • Quick device search in case of loss or theft.
  • Anti-theft is simply a system for protecting personal data and preventing unauthorized people from accessing it.
  • Phone blacklist: block unwanted calls and SMS - set up appropriate contact information and no one will bother you.
  • Internet filter - the program itself blocks dangerous links and resources.

Kaspersky Lab guarantees the most effective protection against Trojans, spyware and viruses, and is therefore widely known throughout the world. The program allows you to remove a virus from your phone in no time, without viewing intrusive advertising. It was created using advanced technologies, as you can see for yourself. The software is available in paid and free versions; their functionality may vary slightly.

Signs of virus infection

Your phone is infected with viruses if:

  1. instead of the desktop background you see advertisements, and different messages constantly pop up in the browser and in games;
  2. advertising appears after unlocking the device;
  3. programs install themselves, and sites load as they please.

Viruses on Android come from malicious sites, as a result of downloading infected programs or receiving infected files. Your task is not to figure out where they came from, but to decide what to do with them.

How to remove a virus from Android

1. To remove a virus from Android, first try to remove all suspicious programs unknown to you. Standard OS capabilities are sufficient for this. These actions can solve some problems. Then make sure that there are no background programs running on your phone. Look for extra software in the "Applications" section ("Settings" menu). Suspicion should be raised by any programs that have unclear names, occupy a large amount of memory, or require some kind of permission (for example, access to the address book).

Download software only from the websites of official developers, so as not to install malware on your device along with the antivirus. You need to carry out the scan as problems are discovered and simply from time to time, for preventive purposes, since some malware may not make itself felt and at the same time steal your data.

Mobile phones have long replaced computers in the device market, while the problems of the “big brother”, alas, remain in force. The fact is that virus creators are looking closely at Android smartphones and tablets, and the amount of malware for the mobile platform raises reasonable concerns.

The most dangerous mobile viruses

There are many types of malware, and they vary in risk level:

  • Viruses, Trojans and worms, having settled on mobile devices, delete files, encrypt data, transfer files to the Internet without the user’s knowledge;
  • Spyware, including keyloggers, records user actions and makes them available to attackers. The main danger is leakage of confidential data (passwords, account numbers, photos and videos from the camera);
  • Popup ads are annoying banners that cannot be turned off. These viruses do not pose a big threat, but they significantly worsen the user experience and slow down work with the mobile device.

In general, the task of any malware is to attack the target device by finding a vulnerability, a gap in the system. Viruses not only damage files, but also steal confidential information. The most harmful viruses block access to the system and extort money for a password to unlock it.

Checking if there is a virus on my phone

If your phone behaves strangely, this is a cause for concern. Go through the checklist below step by step to see whether similar symptoms are observed on your device.

1. Intrusive advertising (adware) pops up

If you have not installed any paid applications, but banners and popup windows began to appear on their own, this may be evidence of a viral infection.

Some adware viruses (for example, Adware.MobiDash) display windows with links on the screen. By clicking on the URL, you are redirected to an unsafe site from which an apk file is downloaded, after which the mobile device becomes infected.

2. The volume of Internet traffic has increased significantly

Many mobile viruses actively use the Internet to transmit data, which leads to an increase in traffic consumption. Therefore, we advise you to check the statistics as quickly as possible through the Android settings: Settings – Connections – Data usage – Mobile traffic.

If you notice a significant difference compared to your internet activity, this is a signal that malware is active on the device.

In addition to damage to the operating system and user data, all this can lead to increased financial expenses, especially if your operator’s tariffs are high.

3. Unauthorized Internet access

In addition to consuming traffic, viruses easily connect to Wi-Fi or the mobile network, changing the phone settings at their own discretion. While you reproach yourself for forgetting to turn off mobile data while roaming, the virus will harm your phone at your own expense.

4. Increased subscription fee for mobile calls and SMS

Viruses have learned to call and send SMS on behalf of the user. Order an itemized record (printout) of calls from your mobile operator. Check whether all the numbers are familiar to you. Also check the text of outgoing SMS messages.

5. Battery drains quickly

Viruses, like other running programs, actively consume battery capacity. If battery consumption has increased and the battery is draining quickly, this is a sign of a viral infection.

Check applications that consume battery: Settings - Optimization - Battery. Data for each application and process is available here.

At the same time, you cannot always track the activity of viruses through battery statistics: particularly cunning representatives cover their tracks and disguise themselves.

6. Slowdowns and glitches

As already mentioned, worms, viruses, and keyloggers are not shy about using up your phone’s resources. Virus writers don't bother to optimize their programs. Therefore, a small virus can slow down the operation of the mobile OS and individual applications several times.

An increase in glitches can also be a sign of infection: applications close on their own, do not open the first time, or do not start at all.

7. The appearance of unwanted applications

Viruses are disguised and introduced into other applications. If you downloaded software from somewhere other than the official Google Play store, there is a risk of installing malware along with it, which is sometimes difficult or impossible to remove without doing a hard reset.

How to protect yourself from viruses: simple rules

Basic security rules must be followed to prevent your phone from becoming infected. It's easy to do, just follow the rules listed below.

1. A good, effective antivirus or firewall will not hurt.

Check your mobile phone for viruses regularly. It is not necessary for applications to run constantly and load the device’s resources - you can conduct a comprehensive anti-virus scan several times a month and, in addition, use online anti-viruses.

4. Perform a factory reset after making a backup copy of the files you need. Note that this is most often the fastest and safest way of getting rid of viruses.

Conclusion

Don't be paranoid about virus threats. The main thing is to monitor the security of your mobile device. The first step is to check for viruses on your phone right now.

We hope you have taken basic virus protection measures and your device is no longer in danger. If all else fails and they have penetrated your mobile device, write to us. Describe your symptoms in detail and we will tell you what can be done to get rid of the malware.

If your device starts to work poorly and take on a life of its own, then most likely your phone has caught a virus.



The main “symptoms” of an Android device being infected with a virus:

  • the phone takes longer than usual to turn on;
  • there are numbers in the call list that are unfamiliar to you;
  • excess funds are debited from the account;
  • you are unable to use your electronic wallets and other financial management systems;
  • your pages in social networks are used to send prohibited materials or spam;
  • the battery discharges much faster, because the virus program consumes a lot of energy.

Removing viruses with 360 Security Lite

The simplest way of “curing” an Android device of malicious files and programs is to clean it using an antivirus program.

360 Security Lite is one of the most popular antivirus programs for Android devices. To clean your device or ensure future protection, you should:

1. Install.

2. After installing the application, click on the icon on the desktop and launch the program.
3. In the Antivirus tab, click the Scan button.

4. The application will begin scanning your device for viruses.

5. The next step is to remove the malware. If something is found, no quarantine is needed: immediately set the switch to the delete position for every item.

Note: I think it’s obvious to everyone that this method only works if the Android device is fully functional. The same applies to other antivirus programs.

We use Avast Mobile

Another good antivirus application is Mobile Security & Antivirus Avast. Read below for exactly how to use it.

1) Download the application from the official website or install.
2) Confirm that you have read the license agreement and privacy policy.

3) Go to Smart check - Check device.

4) The antivirus will immediately begin updating the virus database.



5) Once the scan is complete, you will be asked to select actions in relation to the threats. Now the antivirus will monitor your device.

Treatment in safe mode

The thing is that the vast majority of virus programs do not work in safe mode. This means that if you run the device in this mode, the virus simply will not work, so it can be easily removed.

To start Safe Mode, follow these steps:
1. Press and hold the device's power button.
2. Hold your finger on "Disable device" until you see this message:



Once your Android device is in safe mode, scan it with an antivirus and remove malware. If the antivirus program does not start, reinstall it by downloading it again from Google Play Market.

How to avoid catching the virus again - prevention

To prevent viruses from infecting your device, follow these tips:

  • install applications of any kind only from trusted sources, for example, from Google Play Market, where administrators carefully check the content;
  • install from sites you trust - for example: site :-)
  • Always update your device's OS;
  • Do not visit suspicious sites and do not click on links like “Your Android device is blocked” or “Viruses have been detected on your phone”; if you click on such messages, you will definitely acquire a virus.

Brief summary

In this article, I told you how to solve the problem of viruses on Android devices. I hope it will be useful to you, and you can easily get rid of unwanted and extraneous programs. Good luck!

Android phones and tablets are gradually replacing computers running Windows. The operating system is becoming attractive to scammers who develop virus programs. Android's vulnerability to viruses allows attackers to gain access to user SIM cards, account passwords and electronic wallets, as well as to bank accounts. Smartphones and tablets are protected by built-in Google blockers, as well as antivirus programs. Read our article about how to remove a virus from an Android phone and whether the device needs an antivirus.

Virus programs are divided into four groups:

  • depleting the user's balance;
  • stealing access to electronic wallets and bank cards;
  • storing personal data - logins, passwords, documents;
  • blocking the device.

Every year, new blocking components appear in antivirus software, and unique protective mechanisms are developed to block malicious programs. However, viruses continue to attack smartphones and tablets. This happens largely due to the fault of users who ignore pop-up system windows with danger warnings. The desire to install the game is sometimes stronger than the thought of a possible charge of money or blocking of the gadget.

An antivirus is necessary to protect Android devices, provided that the user responds to warnings and follows the program's instructions.

How viruses get into the system. How functions are blocked

Viruses penetrate smartphones and tablets due to user inexperience.

Path of entry and solution:

  • Advertising. To avoid downloading a virus, the user only needs to close the advertising page, but the message directly states the consequences of inaction: “the application will not work correctly without updating; you will not be able to watch movies; there is a possibility of infection with a virus” and others. The user gets scared and reluctantly clicks the “Update” button. A virus application is installed on the system.
  • Application. Attackers play on the user’s desire to get a game or application for free, so they create analogues of paid programs from the Market, adding malicious code to them. Solution: install applications only from the Play Market and official developer sites.

Common manifestations of viral activity:

  • increased battery consumption;
  • increase in expenses for mobile communications, regular debits of small amounts from the balance;
  • appearance of unfamiliar files and applications;
  • slow operation of the gadget;
  • the appearance of pop-ups and banners.

Most viruses do not manifest themselves, and the user understands that his gadget is infected only at the moment of debiting funds from the card or e-wallet.

List of effective antiviruses

If you discover that your smartphone is infected with a virus, first take out the SIM card so that your balance is not drained to zero. Next, install an antivirus program and scan the system. Applications can be downloaded from the Play Store or from the official website of the developer. To install an .apk file from a computer:

  1. Go to the antivirus developer's website and download the installation file.
  2. Connect your smartphone or tablet to your PC in storage mode.
  3. Open the removable disk and copy the antivirus file to the selected folder.
  4. Disconnect your device from your computer.
  5. In the gadget menu, find File Manager and use it to open the folder with the antivirus file.
  6. Install the program.

Before installing the antivirus, allow the installation of applications from unverified sources in the “Settings - General - Security” menu.

An overview of effective free antivirus programs is given below.

Avast Mobile

AVAST antivirus is available to users for free in the Play Store. Antivirus features:

  • protecting your smartphone or tablet from viruses;
  • scanning applications for malicious elements;
  • scanning Wi-Fi networks;
  • firewall;
  • cleaning RAM.

Download and install the program. To start a scan:

  1. Open your antivirus.
  2. In the main window, select "Test device". The antivirus will identify problems and vulnerabilities and offer to correct the situation.
  3. Remove detected malicious files by clicking "Fix".


If a virus is found in an application, open the application blocker and stop the malicious program, and then uninstall it.

AVG AntiVirus Security

AVG's antivirus application ensures the security of the user's personal data. Program functions:

  • real-time scanner;
  • scanning files and applications for viruses;
  • searching for a lost smartphone or tablet;
  • completion of processes that slow down the operation of the gadget;
  • blocking unauthorized access to confidential applications.

AVG antivirus can be downloaded from Google Play. To scan your system for viruses, open the application and click the “Scan” button.

The program allows you to selectively scan suspicious folders and files. To start the process:

  1. In the main window, select “Protection”.
  2. Select "Check Files".
  3. Check the boxes for folders and files to scan and click “Scan”.

Gallery - working with AVG:

Step 1. Click the "Scan" button.
Step 2. Remove malware if necessary.
Step 3. Run a scan for suspicious folders.
Step 4. Mark suspicious folders for scanning.
Step 5. The smartphone will scan, then evaluate the results.

Delete infected files and set up a daily scheduled scan of the device.

Mobile Security and Antivirus (ESET)

Mobile Security from NOD32 protects the user when surfing the Internet and making online payments. Program functions:

  • protecting your device from virus threats;
  • filtering of unwanted SMS messages and calls;
  • application review and management;
  • scanning files;
  • anti-phishing.

After installation, the program prompts you to enable real-time protection, and then automatically scans your smartphone or tablet for viruses. You can pause the scan by going to the “Antivirus” section and clicking the corresponding button. In the same menu, scan settings are available - “Deep”, “Intelligent” and “Fast”, as well as database updates and a list of quarantined files.


Anti-phishing is available to users who have purchased the Premium version. ESET embeds its components into the browser and blocks malicious sites that collect the user's personal information.

The Security Scan menu allows you to detect and eliminate the device's vulnerabilities to viruses. The antivirus also examines applications for permissions that harm the security of the Android system. If, for example, a weather widget requests access to SMS messages, ESET signals this.

Trust&Go Antivirus and Mobile Security

TrustGo developers pay special attention to the activity of suspicious applications. After installation from the Market, the program starts scanning and protection in real time. When installing an unsafe application, the program alerts the user about possible risks, and blocks particularly dangerous ones.

To check your gadget for viruses, open the main program window and click “Scan”. The program will scan, find dangerous files and offer to delete them or mark them as trusted. If you are not sure about the reliability of the application, it is better to select the “Delete” option.

The antivirus assigns security ratings to installed applications. You can view them in the Application Manager and, if necessary, remove risky programs.


Do not install two antiviruses at the same time - the protective components conflict with each other and reduce the degree of protection. If you want to make sure that the malicious application is destroyed, download and run several antiviruses one by one.


What to do with a virus if the antivirus did not help

If the antivirus cannot cope with the malicious application or does not detect it, the virus will have to be removed manually. There are four key ways to combat viruses on Android:

  • disabling administrative rights and subsequent removal of the application containing the virus;
  • checking your smartphone or tablet with antivirus on your PC;
  • reset settings to default;
  • flashing a smartphone or tablet.

The method of eliminating the virus depends on its type.

Trojan

Trojan programs penetrate the system and collect personal data of the gadget owner, and also send requests to premium numbers. If you have root rights and know which application is causing harm, open the file manager and go to the application directory along the path data/app. Once you remove the dangerous program from the folder, you don’t have to worry about virus activity.

If you don't have root access, restart your smartphone or tablet in recovery mode. To do this, turn off the device, and when turning it on, press the power and volume down/up buttons simultaneously. From safe mode, disable administrator rights for the application with the Trojan and remove it.

Virus that installs applications on the phone

The most dangerous virus is one that can independently install applications and create its own files in directories. Having received administrator rights, the application infected with the virus installs intrusive banners and programs, penetrating deep into the system. As a result, the gadget freezes and stops working normally. To eliminate a virus:

  1. Check your device with antivirus programs. Remove all suspicious applications.
  2. Open the application manager through "Settings - General - Applications - All" and manually remove unknown programs, having previously cleared the cache and stopped their operation.
  3. Root your device using the Kingo Android Root or Framaroot app.
  4. Disable Internet access, download Root App Deleter and delete the remaining virus files.
  5. When the Internet is turned off, manually delete residual files left by viruses from the system/app folder. Use ES Explorer.

If your smartphone or tablet is infected with the Android.Becu.1.origin virus, the method described above does not help. Try blocking the activity of the malicious application:

  1. In the list of installed programs, find the infected package com.cube.activity, open it and select “Disable”.
  2. Uninstall the support packages left by the virus: com.zgs.ga.pack and com.system.outapi.

The virus will be suspended.

com.android.systemUI

Launching com.android.systemUI is triggered by a Trojan installed on the smartphone along with an unlicensed application or game. The virus downloads advertising applications, porn site banners, second-rate cleaners and battery boosters to the Android system. You can remove the virus only if you have root rights:

  1. In the Application Manager, find the program containing the virus, open it and select Stop. Next, click “Clear cache” and “Delete”.
  2. Open a file manager (ES Explorer or X-Plore), go to the “Root - System - App” folder and find the com.android.systemUI file inside.
  3. If it is not there, the virus developers have come up with a different name for the file. Find the file by installation date - it must match the installation date of the infected application.
  4. Remove the virus file. If necessary, use the "Delete 2" application.

The virus will stop working after you reboot the gadget.

Ransomware viruses - Ministry of Internal Affairs banners, battery damage

The ransomware virus prevents you from using your smartphone or tablet, displaying a banner in full screen that reads: “Your device has been blocked by the security service of the Ministry of Internal Affairs of the Russian Federation. To activate access to the device, transfer 300 rubles according to the details.” There are three ways to remove a banner and the virus that caused it:

  • factory reset via Android recovery mode;
  • uninstalling the application through safe mode;
  • flashing the gadget.

In safe mode, Android launches only system applications; accordingly, the virus will be inactive. To launch safe mode and uninstall an infected program:

  1. Turn off your smartphone or tablet.
  2. While turning on, hold down the lock and volume buttons at the same time.
  3. Open Settings - General - Applications - All.
  4. Select and stop the malware.
  5. Clear the cache and uninstall the application.

Use flashing and rolling back to factory settings only as a last resort - these methods lead to data loss. To reset settings:

  1. Connect your gadget to your PC.
  2. Activate Recovery mode.
  3. Select wipe data/factory reset and click
  4. On your computer, copy important data from a removable drive and format it.

After rebooting, the smartphone will return to factory settings, and the virus will be removed.

Security/Firewall service

The virus interferes with the operation of the browser and applications. When the program starts, a black screen opens with the words Firewall Service. If you simply close the window, it starts again.

Antiviruses and traditional methods do not work against Trojans. To remove a virus, uninstall the application with which it was installed, then gain root access and use a file manager to remove the Firewall Service (gmk.apk) and SecurityService (gma.apk) files from the system/app folder. After a reboot, the virus will stop working. If this does not happen, repeat the steps, but to delete the .apk files, use the “Delete 2” program instead of the usual manager.
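The package and file names given in the Android.Becu.1.origin and Firewall Service sections can be checked from a PC before anything is deleted. The following is an added example, not code from the article or from any antivirus vendor: it parses a listing in the line format printed by `adb shell pm list packages -f -i`, flags the names the page mentions, and also marks apps in /data/app that were not installed by Google Play. The sample listing is constructed, `com.example.fwservice` is a placeholder package name, and a non-Play installer is only a pointer for manual review (other stores and vendor updates also appear this way).

```python
"""Added example: triage an Android package listing against names from this page."""
import posixpath
import re

# Names taken from the page.
BECU_PACKAGES = {"com.cube.activity", "com.zgs.ga.pack", "com.system.outapi"}
FIREWALL_SERVICE_APKS = {"gmk.apk", "gma.apk"}
PLAY_STORE = "com.android.vending"  # installer id of Google Play

# One line of `pm list packages -f -i` (assumed format):
#   package:<apk path>=<package name>  installer=<installer or null>
# Newer Android versions put '=' inside the path, so the path is matched
# greedily and the package name is whatever follows the last '='.
LINE_RE = re.compile(
    r"^package:(?P<path>\S+)=(?P<name>[A-Za-z0-9_.]+)"
    r"(?:\s+installer=(?P<installer>\S+))?\s*$"
)

# Constructed sample listing (not captured from a real device).
SAMPLE_LISTING = """\
package:/system/app/gmk.apk=com.example.fwservice  installer=null
package:/data/app/com.cube.activity-1/base.apk=com.cube.activity  installer=null
package:/data/app/~~Qk1x==/com.example.weather-Zz9==/base.apk=com.example.weather  installer=com.android.vending
package:/data/app/com.example.freegame-2/base.apk=com.example.freegame  installer=null
package:/system/priv-app/Phone/Phone.apk=com.android.phone  installer=null
"""


def parse_listing(text):
    """Return a list of (apk_path, package_name, installer_or_None)."""
    packages = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # skip blank lines and anything that is not a package line
        installer = match.group("installer")
        if installer in (None, "null"):
            installer = None
        packages.append((match.group("path"), match.group("name"), installer))
    return packages


def audit(text):
    """Map package name -> list of reasons it deserves a manual look."""
    findings = {}
    for path, name, installer in parse_listing(text):
        reasons = []
        if name in BECU_PACKAGES:
            reasons.append("becu-package")
        in_system_app = path.startswith("/system/app/")
        if in_system_app and posixpath.basename(path) in FIREWALL_SERVICE_APKS:
            reasons.append("firewall-service-apk")
        # User-installed apps live under /data/app; anything there that did not
        # come from Google Play was sideloaded or came from another store.
        if path.startswith("/data/app/") and installer != PLAY_STORE:
            reasons.append("sideloaded")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for package, reasons in audit(SAMPLE_LISTING).items():
        print(f"{package}: {', '.join(reasons)}")
```
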

Engriks

Engriks is a virus that triggers the display of intrusive banners and installs “fraudulent” applications on a smartphone or tablet. After detection and removal by the antivirus, it appears again.

A hard reset, that is, rolling back the system to factory settings, helps to cope with the malware. To perform a hard reset:

  1. Turn off the device and when you turn it on, go into recovery mode.
  2. Select wipe data/factory reset from the menu.
  3. Wait for the final reset.

Advertising virus in the browser - how to block

Certain viruses only infect mobile browsers. Having opened the browser, the user sees advertising banners, often with obscene content, instead of pages. It is impossible to close the advertisements; they appear again. Most often, the virus is hidden in the browser cache, and to combat it you just need to clear the cache:

  1. Go to the menu “Settings - General - Applications - All” and select the browser in which banners are bothering you. Open it.
  2. Click the Clear Cache button and then Stop.

If the banners appear again when you restart the browser, uninstall the viewer itself and install it again, after scanning your smartphone or tablet with an antivirus.

SMS Manager: how to block the threat yourself

SMS viruses send requests on behalf of the user to paid short numbers, for which amounts from 30 to 300 rubles are debited from the balance. The user does not immediately notice the charges - today there are few people who track the balance on their number. To remove a virus:

  1. Go to Application Manager.
  2. Find recently installed applications that request access to SMS messages.
  3. Delete them by first clearing the cache and erasing the data there, in the Manager.
  4. Install an antivirus and scan the system.

Remove detected malware. The antivirus may display a warning that if you uninstall the application, you will lose all your data. This is a trick by the virus developers - they deliberately replace the text of the system message so that the user gets scared and refuses to remove the malware.
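The permission check described above (an application asking for SMS access it has no reason to need, like the weather widget in the ESET section) can also be done on an .apk file before it is installed. The following is an added example, not part of the original article: it parses text in the style printed by `aapt dump permissions <file.apk>`, in both the newer `name='...'` and the older bare form, and reports the SMS, call and contact permissions the app requests outside the groups you expect for it. The two listings and their package names are constructed, and the grouping of permissions is an assumption made for this example.

```python
"""Added example: flag SMS/call/contact permissions in `aapt dump permissions` output."""
import re

PREFIX = "android.permission."

# Permission groups treated as warning signs for apps with no need for them.
SENSITIVE_GROUPS = {
    "sms": {"SEND_SMS", "READ_SMS", "RECEIVE_SMS", "RECEIVE_MMS", "RECEIVE_WAP_PUSH"},
    "calls": {"CALL_PHONE", "READ_CALL_LOG", "WRITE_CALL_LOG", "PROCESS_OUTGOING_CALLS"},
    "contacts": {"READ_CONTACTS", "WRITE_CONTACTS"},
}

# Matches "uses-permission: name='android.permission.X'" (newer aapt),
# "uses-permission: android.permission.X" (older aapt) and "uses-permission-sdk-23: ...".
PERM_RE = re.compile(
    r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?(?P<perm>[A-Za-z0-9_.]+)"
)
PKG_RE = re.compile(r"^package:\s*(?P<name>[A-Za-z0-9_.]+)")

# Constructed listing for a hypothetical weather widget.
WEATHER_WIDGET = """\
package: com.example.weatherwidget
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_COARSE_LOCATION'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: name='android.permission.READ_CONTACTS'
"""

# Constructed listing for a hypothetical SMS messenger, in the older output style.
SMS_APP = """\
package: com.example.messenger
uses-permission: android.permission.SEND_SMS
uses-permission: android.permission.READ_SMS
uses-permission: android.permission.READ_CONTACTS
"""


def parse_aapt_permissions(text):
    """Return (package_name_or_None, set_of_requested_permissions)."""
    package = None
    permissions = set()
    for raw in text.splitlines():
        line = raw.strip()
        pkg = PKG_RE.match(line)
        if pkg:
            package = pkg.group("name")
            continue
        perm = PERM_RE.match(line)
        if perm:
            permissions.add(perm.group("perm"))
    return package, permissions


def flag_permissions(text, allowed_groups=frozenset()):
    """Map group -> sorted short permission names requested outside allowed_groups."""
    _, permissions = parse_aapt_permissions(text)
    short_names = {p[len(PREFIX):] for p in permissions if p.startswith(PREFIX)}
    flagged = {}
    for group, members in SENSITIVE_GROUPS.items():
        if group in allowed_groups:
            continue  # the user expects this kind of app to need the group
        hits = sorted(short_names & members)
        if hits:
            flagged[group] = hits
    return flagged


if __name__ == "__main__":
    print("weather widget:", flag_permissions(WEATHER_WIDGET))
    print("sms messenger:", flag_permissions(SMS_APP, allowed_groups={"sms", "contacts"}))
```
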


How to remove a virus file using a computer or laptop

If after all the steps the virus continues to cause harm, check your smartphone or tablet with an antivirus via your PC. To do this:

  1. Connect the device to the computer in storage mode.
  2. Open an antivirus on your PC (use Dr. Web or Kaspersky) and run a custom scan.
  3. Mark for checking the removable drives that appeared when you connected the gadget.
  4. Delete detected files.

After checking, turn off your smartphone and restart it to completely eliminate virus activity.

Prevention of viruses on smartphones and tablets

After removing the virus, take care of the security of your smartphone or tablet in the future. Install an antivirus program and set up a weekly scheduled scan. When working with the device, follow the rules:

  • install applications only from the Play Market and official developer sites;
  • do not skimp on paid programs;
  • in the device settings, uncheck the “allow installation from unknown sources” option;
  • try not to download applications that request access to SMS and calls;
  • if you see a message on any website about the need to update one of your applications, ignore it - update only through the Play Market.

Do not perform important operations while working over Wi-Fi - traffic can be intercepted by attackers.

By using an antivirus program and a thoughtful approach to installing applications, you will protect yourself and your device from the negative effects of viruses and malware. If a virus has penetrated your Android, do not follow the lead of the scammers, but consistently try to eliminate it using various methods.

Let's start with the “fresh” thing - Triada today can be considered the newest and most “bulletproof” virus for smartphones. It was discovered only in March 2017.

It is unique in its proximity to classic viruses, and not ransomware Trojans, as is usually the case on Android. You still need to manage to pick it up from “unverified sources,” but then a much more fun “action movie” begins:

Triada is a virus that not only misbehaves in the system, but wedges itself into its vital areas

  1. Triada turns on after you install and give permissions to, for example, your favorite music downloader for VKontakte. Afterwards, the program quietly finds out your smartphone model, firmware and Android version, the amount of free space on storage devices and the list of installed applications, and sends this information over the Internet to its servers. There are a huge number of these servers, scattered across different countries, so it will not even be possible to come and organize a “mask show” at the location of the server with the malware.
  2. In response, Triada receives instructions (really, an individual approach to the patient!) on how best to hide itself in this particular version of Android and this smartphone. It embeds itself in each (!) of the installed applications and takes control of system components to hide itself from the list of installed applications and running processes. After this, the part of the virus standing alone in the system “covers up” its tracks - it no longer works as a separate application, but coordinates its actions with the help of pieces of the infected system.
  3. Done, the system is conquered! From this moment on, the smartphone turns into a “puppet” to which attackers give commands at a distance and from which they receive information on any of the available servers. Now Triada acts primitively - it finds out the data of your bank card, withdraws money from it, extracts the incoming SMS codes needed for payment, and “draws” false balance figures for the owner.

But the ability to “gut” any installed application or install a new one at a distance is only the beginning - the peculiarity of Triada is that it is a modular virus, to which the most varied kinds of remote tricks can be attached.

As you can see, viruses for Android are not only primitive “your phone is blocked, you’re charged a hundred bucks”, which you can get rid of by deleting the application. And, if in new versions of Android it is at least more difficult to access root and you can see something suspicious at the stage of requesting rights by the application, then older versions (Android 4.4, 4.3 and older) are absolutely defenseless against a new infection - only a complete flashing will save you.

Marcher

This so-called “banking malware” was developed back in 2013, but its “finest hour” came only in the summer of 2016. It is famous for good camouflage and, so to speak, “internationalism.”

Marcher is a simple Trojan that does not do anything supernatural, but simply replaces the service pages of a huge number of banks using pop-up windows. The mechanism is as follows:

  • The Trojan penetrates the system along with an infected application. The peak of Marcher's popularity came with the “freshly stolen” versions of Super Mario Run from Nintendo. If you don’t remember, this is that super-promoted “runner” from the creators of Pokemon GO!
  • It searches your smartphone for banking and online shopping applications and selects “blanks” according to which bank you use.
  • It sends a “bait” to your smartphone: a message in the notification shade with a bank or store icon and text in the style of “N rubles have been credited to your account” or “75% discount coupon for any product, today only!”
  • The smartphone owner taps the notification, after which the Trojan opens an exact, 1-to-1 copy of the page you are used to seeing in the official application. It says something like “the connection to the network has been interrupted, please re-enter your bank card details.”
  • The smartphone owner enters the bank card details. There's a lot of money here!

“Dude, I somehow forgot your card number. Could you remind me?”

In this simple way, the Trojan faked the process of buying airline tickets, purchasing goods in online stores and software on Google Play, and the operation of banking applications. Users of bank cards in Germany, France, Poland, Turkey, the USA, Australia, Spain, Austria and the UK were targeted. Initially, the virus was tailored to Android 6.x; there were significantly fewer smartphones running other versions.

Loki

Not just one, but a whole cascade of “chameleon” Trojans, not as criminally severe as Triada, but just as painful for the operating system. Antivirus specialists noticed the malware at the beginning of 2016, and it began to penetrate people’s smartphones en masse in December 2016.

Loki is organized robbery by prior conspiracy, right inside your smartphone

The malware acts so quickly and smoothly that you want to give it a standing ovation. Just look at this “multi-move”:

  • The first Trojan enters the system with a safe application and starts along with it. It then immediately “requests reinforcements,” that is, it downloads the second Trojan from its sources and installs it together with a pack of tools for obtaining root rights. It monitors the system, waits for the smartphone user to turn off the display, and obtains root in this mode. Then it launches its “colleague”.
  • The second Trojan takes over the root rights, gains access to the /system partition (the “factory” firmware files, which survive even a settings reset), unpacks a couple more Trojans and shoves them into the “fireproof” system partitions.
  • The third Trojan comes to life in that same /system partition, where it replaces the part of the system responsible for booting and removes Android's standard “giblets”. If by some miracle the owner removes all the previous viruses and gets to the third Loki, removing it will “kill” the smartphone firmware.
  • Meanwhile, the fourth Trojan in the cascade operates from a protected system folder, from where it downloads another pack of viruses, “cranks” advertisements, or simply inflates the counters of application downloads and website visits on the infected smartphone. It blocks the downloading and installation of antiviruses and improves its own protection.

It is impossible to “uproot” the traces of this violent activity from the smartphone’s brain, so a Loki infection can be “cured” only by completely reflashing the device, with the loss of all data.

Faketoken

While the previous Trojans deliberately act on the sly so that the smartphone user is unaware of the infection until the last moment, Faketoken is simple and straightforward in its approach, like an experienced gopnik: it demands the rights to perform any action on the smartphone, and if the owner refuses, the algorithm “Listen, why don’t you understand? Then I’ll repeat it!” comes into play.

  1. First, the user is forced to give administrator rights to the virus
  • So, you install an application with an ordinary-looking icon from some site like vasyapupkinsuperwarez.net. You launch it, and after that the “torture” begins.
  • The Trojan opens a system window asking for administrator rights. In the best democratic traditions, the owner of the smartphone has two options: to allow the Trojan access to the system, or not to allow it. But in case of refusal, Faketoken will open the system rights request window again, and will keep doing so until the smartphone user capitulates.
  • After this, using the same thermorectal cryptanalysis method, the Trojan obtains the rights to display pop-ups and to replace the standard SMS application with itself.
  • After these successful conquests, the Trojan contacts its command and control server on the Internet and downloads from it template phrases in 77 languages, which it will then use to blackmail the mobile phone user.
  • Then, using the prepared phrases, Faketoken begins to pester the user with full-screen system messages in the style of “confirm the name and password of your Gmail account” and “we now have to link a card in Google Play, enter the required data.” Until the bitter end, of course.
  • The Trojan frolics in the system: it sends and receives SMS, makes calls and downloads applications. And finally, it locks the screen, encrypts all files in internal memory and on the microSD card, and demands a “ransom”.
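
As an added example (not part of the original article), here is a defender-side triage of an app inventory for the combination of capabilities Faketoken collects above: device administrator, the overlay permission and the default SMS handler, in an application installed from outside Google Play. The `App` record, the sample packages and the scoring are assumptions made for illustration; the overlay permission and the Play Store package name are real Android identifiers.

```python
from dataclasses import dataclass, field
from typing import Optional

PLAY_INSTALLER = "com.android.vending"  # package name of the Google Play Store
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"  # "draw over other apps"

@dataclass
class App:
    """Hypothetical inventory record, e.g. exported by an MDM agent."""
    package: str
    installer: Optional[str]           # None = sideloaded / unknown source
    permissions: set = field(default_factory=set)
    device_admin: bool = False         # is an active device administrator
    default_sms: bool = False          # is the current default SMS handler

def capability_score(app: App) -> int:
    """Count how many of the three capabilities from the list above the app holds."""
    signals = (app.device_admin, OVERLAY in app.permissions, app.default_sms)
    return sum(1 for held in signals if held)

def triage(apps):
    """Return (package, score) for apps installed outside Google Play, worst first.

    Apps installed by the Play Store are skipped: a legitimate SMS client or
    MDM agent may hold one of these capabilities for a good reason.
    """
    hits = [(a.package, capability_score(a)) for a in apps
            if a.installer != PLAY_INSTALLER]
    return sorted((h for h in hits if h[1] > 0), key=lambda h: -h[1])

# Constructed sample inventory; every package name here is made up.
SAMPLE = [
    App("com.example.messenger", PLAY_INSTALLER, {OVERLAY}, default_sms=True),
    App("com.example.mdm", PLAY_INSTALLER, set(), device_admin=True),
    App("net.example.flashplayer", None, {OVERLAY},
        device_admin=True, default_sms=True),
    App("org.example.game", None, {OVERLAY}),
    App("org.example.locker", None, set(), device_admin=True),
]

if __name__ == "__main__":
    for package, score in triage(SAMPLE):
        print(f"{package}: {score}/3 capabilities, installed outside Google Play")
```

A score of 3 on a sideloaded package matches the full sequence described in the list; lower scores are a review queue, not a verdict.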

Godless

The Godless Trojan is impressive not even for its, so to speak, functionality, but for its camouflage - for a long time its presence in applications was not recognized even by the vaunted anti-virus scanning system on Google Play. The result is a little predictable - the malware infected over 850 thousand smartphones around the world, and almost half of them belong to residents of India, which seems to hint at the origin of the Trojan.

If you download a flashlight from Google Play, you get an undeletable virus with encryption and root rights

The functionality of the Trojan differs little from that of its many colleagues in 2016; only the “beginning” is new:

  • The smartphone user downloads an application from Google Play and launches it, and the Trojan is launched along with the application. Just don't think badly of Google's checks, because there is no malicious code in this “kit”: the Trojan downloads the malicious code when it is first launched.
  • To begin with, Godless obtains root rights on the smartphone, free and without SMS, using approximately the same set of tools as, for example, Towelroot. The Trojan carries out these operations when the screen is off.
  • After this, the arrogant Trojan moves itself to the /system folder (from where it can no longer be deleted without reflashing) and encrypts itself using an AES key.
  • With a complete set of access rights, Godless starts little by little to steal users' personal data from the smartphone and to install third-party applications. In its initial versions, by the way, the Trojan hid the standard Google Play from the user’s eyes and replaced it with a “parody” through which it stole the account name and password.

Among the applications that Godless was most often “attached” to were numerous “flashlights” and clones of famous Android games.

viruses, worms, Trojans, adware (intrusive advertising) and “horror stories”, but almost no one cares about such subtleties. They say that viruses are viruses.

The differences between the “grades of joy” are as follows:

  • A virus is a malicious program that sneaks onto your computer unnoticed through system vulnerabilities. And, most importantly, it does not engage in sabotage on its own, but infects other files in the system. In the case of Android, such malware would have to penetrate after a banal click on an advertisement or a visit to a website, and then “rewrite” Gmail, VKontakte and other applications for itself in such a way that, after the original virus is removed, the infected applications continue to do their dirty deed.
  • A worm does its dirty work and harshly, mercilessly spreads itself through every available communication channel. On computers, worms sent themselves via e-mail, instant messengers, the local network and flash drives - that is, they cloned themselves in the most shameless way.
  • A Trojan never breaks into the system from the outside: you install and launch the malicious program yourself. This happens because Trojans replace ordinary, familiar and well-known applications, and sometimes they are simply “sewn” onto completely functional programs. That is, you buy and download a useful program and receive a malicious one as a gift!
  • “Scary stories” (scareware) are applications that cause panic: “Oh God, your entire smartphone is full of viruses and wiretapping applications from intelligence agencies around the world! Download our antivirus and find out the whole truth!” You download it, run it and conduct a so-called scan, after which the program says: “There are a terrifying number of viruses in the system! Your phone will die if you don’t remove the viruses, but to do this you must enter your bank card details here and here.” This beauty is often ignored by all antiviruses, because it does not hack or steal anything from the system - it simply deceives the buyer and asks for money.
