Open main menu

Mobile malware

  (Redirected from Mobile virus)

Mobile malware is malicious software that targets mobile phones or wireless-enabled Personal digital assistants (PDA), by causing the collapse of the system and loss or leakage of confidential information. As wireless phones and PDA networks have become more and more common and have grown in complexity, it has become increasingly difficult to ensure their safety and security against electronic attacks in the form of viruses or other malware.



Cell phone malware were initially demonstrated by Brazilian software engineer Marcos Velasco. He created a virus that could be used by anyone in order to educate the public of the threat.[1]

The first known mobile virus, "Timofonica", originated in Spain and was identified by antivirus labs in Russia and Finland in June 2000. "Timofonica" sent SMS messages to GSM mobile phones that read (in Spanish) "Information for you: Telefónica is fooling you." These messages were sent through the Internet SMS gate of the MoviStar mobile operator.[2]

In June 2004, it was discovered that a company called Ojam had engineered an anti-piracy Trojan virus in older versions of its mobile phone game, Mosquito. This virus sent SMS text messages to the company without the user's knowledge. Although this malware was removed from the game's more recent versions, it still exists in older, unlicensed versions, and these may still be distributed on file-sharing networks and free software download web sites.

In July 2004, computer hobbyists released a proof-of-concept mobile virus Cabir, that replicates and spreads itself on Bluetooth wireless networks and infects mobile phones running the Symbian OS.[3][4]

In March 2005, it was reported that a computer worm called Commwarrior-A had been infecting Symbian series 60 mobile phones.[5] This specific worm replicated itself through the phone's Multimedia Messaging Service (MMS), sending copies of itself to other phone owners listed in the phone user's address book. Although the worm is not considered harmful, experts agree that it heralded a new age of electronic attacks on mobile phones.

In August 2010, Kaspersky Lab reported a trojan designated Trojan-SMS.AndroidOS.FakePlayer.a.[6] This was the first malicious program classified as a Trojan SMS that affects smartphones running on Google's Android operating system, and which had already infected a number of mobile devices,[7][8] sending SMS messages to premium rate numbers without the owner's knowledge or consent, and accumulating huge bills.

Currently, various antivirus software companies like Trend Micro, AVG, avast!, Comodo, Kaspersky Lab, PSafe, and Softwin are working to adapt their programs to the mobile operating systems that are most at risk. Meanwhile, operating system developers try to curb the spread of infections with quality control checks on software and content offered through their digital application distribution platforms, such as Google Play or Apple's App Store. Recent studies however show that mobile antivirus programs are ineffective due to the rapid evolution of mobile malware.[9]


Four types of the most common malicious programs are known to affect mobile devices:

  • Expander: Expanders target mobile meters for additional phone billing and profit
  • Worm: The main objective of this stand-alone type of malware is to endlessly reproduce itself and spread to other devices. Worms may also contain harmful and misleading instructions. Mobile worms may be transmitted via text messages SMS or MMS and typically do not require user interaction for execution.
  • Trojan: Unlike worms, a Trojan horse always requires user interaction to be activated. This kind of virus is usually inserted into seemingly attractive and non-malicious executable files or applications that are downloaded to the device and executed by the user. Once activated, the malware can cause serious damage by infecting and deactivating other applications or the phone itself, rendering it paralyzed after a certain period of time or a certain number of operations. Usurpation data (spyware) synchronizes with calendars, email accounts, notes, and any other source of information before it is sent to a remote server.
  • Spyware: This malware poses a threat to mobile devices by collecting, using, and spreading a user's personal or sensitive information without the user's consent or knowledge. It is mostly classified into four categories: system monitors, trojans, adware, and tracking cookies.

Notable mobile malicious programsEdit

  • Cabir: This malware infects mobile phones running on Symbian OS and was first identified in June 2004. When a phone is infected, the message 'Caribe' is displayed on the phone's screen and is displayed every time the phone is turned on. The worm then attempts to spread to other phones in the area using wireless Bluetooth signals, although the recipient has to confirm this manually.
  • Duts: This parasitic file infector virus is the first known virus for the Pocket PC platform. It attempts to infect all EXE files that are larger than 4096 bytes in the current directory.
  • Skulls: A trojan horse piece of code that targets mainly Symbian OS. Once downloaded, the virus replaces all phone desktop icons with images of a skull. It also renders all phone applications useless. This malware also tends to mass text messages containing malicious links to all contacts accessible through the device in order to spread the damage. This mass texting can also give rise to high expenses.
  • Commwarrior: This malware was identified in 2005. It was the first worm to use MMS messages and can spread through Bluetooth as well. It infects devices running under OS Symbian Series 60. The executable worm file, once launched, hunts for accessible Bluetooth devices and sends the infected files under a random name to various devices.
  • Gingermaster: A trojan developed for an Android platform that propagates by installing applications that incorporate a hidden malware for installation in the background. It exploits the frailty in the version Gingerbread (2.3) of the operating system to use super-user permissions by privileged escalation. It then creates a service that steals information from infected terminals (user ID, number SIM, phone number, IMEI, IMSI, screen resolution and local time) by sending it to a remote server through petitions HTTP.
  • DroidKungFu: A trojan content in Android applications, which when executed, obtains root privileges and installs the file ssearch.apk, which contains a back door that allows files to be removed, open home pages to be supplied, and 'open web and download and install' application packages. This virus collects and sends to a remote server all available data on the terminal.
  • Ikee: The first worm known for iOS platforms. It only works on terminals that were previously made a process of jailbreak, and spreads by trying to access other devices using the SSH protocol, first through the subnet that is connected to the device. Then, it repeats the process generating a random range and finally uses some preset ranges corresponding to the IP address of certain telephone companies. Once the computer is infected, the wallpaper is replaced by a photograph of the singer Rick Astley, a reference to the Rickroll phenomenon.
  • Gunpoder : This worm file infector virus is the first known virus that officially infected the Google Play Store in few countries, including Brazil.[10]
  • Shedun: adware serving malware able to root Android devices.
  • HummingBad - has infected over 10 million Android operating systems. User details are sold and adverts are tapped on without the user's knowledge thereby generating fraudulent advertising revenue.[11]

See alsoEdit


  1. ^ Gralla, Preston (2005). PC Pest Control: Protect Your Computers from Malicious Internet Invaders. Google Books. 1005 Gravenstein Highway North, Sebastopol, CA 95472, US: O'Reilly Media, Inc. p. 237. ISBN 0-596-00926-7. Retrieved 18 January 2014.
  2. ^ "Mobile Phones Swamped by E-Mail Virus". 7 June 2000.
  3. ^ Malware Goes Mobile, Mikko Hypponen, Scientific American, November 2006, pp. 70-77.
  4. ^ Hantula, Richard (2010). How Do Cell Phones Work?. Google Books. 132 West 31st Street, New York NY 10001, US: Infobase Publishing. p. 27. ISBN 978-1-43812-805-4. Retrieved 18 January 2014.
  5. ^ Computer Virus Timeline (
  6. ^ Android Virus Security Lab
  7. ^ "First SMS Trojan detected for smartphones running Android". Kaspersky Lab. Retrieved 2010-10-18.
  8. ^ "Information about Smartphone Virus and Prevention tips". Retrieved 2013-01-12.
  9. ^ Suarez-Tangil, Guillermo; Juan E. Tapiador; Pedro Peris-Lopez; Arturo Ribagorda (2014). "Evolution, Detection and Analysis of Malware in Smart Devices" (PDF). IEEE Communications Surveys & Tutorials.
  10. ^ Mobile virus hack Google Play user on Brazil
  11. ^ Samuel Gibbs. "HummingBad malware infects 10m Android devices". Retrieved 2016-07-06.

External linksEdit