{
	"id": "a0bf350f-07c2-4b32-8b60-5b8e99bcedcc",
	"created_at": "2026-04-06T00:17:37.717226Z",
	"updated_at": "2026-04-10T03:21:32.098728Z",
	"deleted_at": null,
	"sha1_hash": "20120fda6f598a05d034dc8609548045116a1865",
	"title": "Mobile beasts and where to find them — part four",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 55859,
	"plain_text": "Mobile beasts and where to find them — part four\r\nBy Ilja Shatilin\r\nPublished: 2018-10-22 · Archived: 2026-04-05 22:26:40 UTC\r\nMobile beasts and where to find them — part one: Adware, subscribers, flooders, DDoSers.\r\nMobile beasts and where to find them — part two: Ransomware, wipers, miners.\r\nMobile beasts and where to find them — part three: Spyware, keyloggers, banking Trojans.\r\nIn part four of our study of mobile threats, we discuss the most complex and dangerous types of malware — the\r\nones that not only exploit Android capabilities, but are also able to tune your system to their taste and combine\r\nmultiple malicious functions.\r\nRATs — remote access Trojans\r\nRAT by name, rat by nature. Remote administration tools (RATs) can be used to connect to a remote device on the\r\nnetwork and not only view the screen contents, but also take full control, issuing commands from remote input\r\ndevices (keyboard/mouse on a computer; touch screen on a smartphone).\r\nRATs were initially created with good intentions — to help manage various settings and apps, well, remotely.\r\nAfter all, it is far easier for tech support staff to select the right check boxes and settings themselves rather than\r\ntrying to explain to the user what to do over the phone — and even easier for the user.\r\nBut in cybercriminals’ hands, RATs are transformed into a formidable weapon: Installing a Trojan on your\r\nsmartphone that provides someone with remote access to the gadget is like giving the keys to your apartment to a\r\nstranger. 
The malicious use of RATs is so common that the acronym increasingly stands for “remote access\r\nTrojan.”\r\nHaving connected to your device through a RAT, hackers can do as they please, including snooping on all your\r\npasswords and PINs, logging into banking apps and transferring your money, and subscribing you to unwanted\r\nservices that quietly eat up funds on your mobile account or credit card — as well as stealing your mail, social\r\nnetwork, and IM accounts to extract money from friends in your name. And that’s after copying all your photos to\r\nblackmail you later if any of them happen to be of a private nature.\r\nTypically, RATs are used for spying. Such malware allows jealous husbands or wives to spy on their spouses, but\r\nmore seriously, it can also be used for stealing corporate secrets. For example, AndroRAT (detected in spring this\r\nyear) sneakily takes pictures with the smartphone camera and records sound (including telephone conversations).\r\nIt also steals Wi-Fi passwords based on geolocation. This means that no negotiations are ever confidential, and it\r\nmakes penetrating the office network a piece of cake.\r\nRooting Trojans\r\nhttps://www.kaspersky.com/blog/mobile-malware-part-4/24290/\r\nPage 1 of 3\n\n“Root access” in some operating systems, including Android, is another name for superuser rights, which allow\r\nchanges to system folders and files. For regular user tasks, such access is completely unnecessary and disabled by\r\ndefault. But some advanced enthusiasts like to have it to customize the operating system. See our post Rooting\r\nyour Android: Advantages, disadvantages, and snags to learn why you should think twice before doing so.\r\nSome malicious programs, called rooting Trojans, can get root privileges using vulnerabilities in the operating\r\nsystem. Having superuser rights allows cybercriminals to configure your smartphone for their purposes. For\r\nexample, they can force the device to open full-screen ads. 
Or install malware or adware in the background,\r\nwithout any notifications.\r\nA favorite rooting malware trick is to secretly delete apps installed on the smartphone and replace them with either\r\nphishing or malware-augmented software. Moreover, superuser rights can be used to prevent you from removing\r\nmalware from your device. No wonder that rooting Trojans are considered today’s most dangerous type of mobile\r\nthreat.\r\nModular Trojans\r\nJack-of-all-trades modular Trojans can perform several different malicious actions, either simultaneously or\r\nselectively according to the situation. One of the most striking examples of such a Trojan is Loapi, detected in late\r\n2017. As soon as it penetrates a victim’s device, it immediately ensures its own safety by requesting administrator\r\nrights — and it won’t take no for an answer; if it is refused, the dialog window pops up again and again,\r\npreventing the smartphone from being used. And if access is granted, it becomes impossible to remove Loapi from\r\nthe device.\r\nThe Trojan then launches any one of five modules. It can display ads, subscribe the user to paid content by\r\nfollowing links, carry out DDoS attacks on command from a remote server, and forward SMS messages to\r\ncybercriminals, concealing them so that the user does not notice malicious transactions.\r\nAnd in its spare time, when not engaged with these important tasks, the Trojan stealthily mines cryptocurrency,\r\nmost often when the smartphone is connected to a power outlet or external battery. Mining is a complex\r\ncomputational process that gobbles up energy and resources, so the battery takes a very long time to charge. 
This\r\ncan have fatal consequences for phones: Our experts discovered firsthand that a couple of days of Loapi activity is\r\nenough to ruin a smartphone battery through overheating.\r\nHow to defend against the worst Android malware\r\nAs you can see, the dangers posed by RATs, rooting Trojans, and modular malware are serious. But you can guard\r\nagainst them. Here are some simple rules:\r\nFirst of all, block app installs from unknown sources. This option is disabled in Android by default, and it\r\nshould stay that way. It is no panacea, but it does solve most problems associated with mobile Trojans.\r\nDo not try to skimp by downloading hacked versions of apps. Many of them are infected.\r\nDo not click on links promising the moon. WhatsApp offers of free airline tickets are usually just an\r\nattempt to steal your personal data, and they download malware to your smartphone as a bonus. The same\r\napplies to phishing, including texts from friends or strangers containing “Is this your photo?”-type\r\nmessages.\r\nDo not ignore updates for Android and apps installed on your device. Updates patch holes through which\r\nattackers can sneak into your smartphone.\r\nCheck what rights apps are asking for, and do not be afraid to refuse access to personal information and\r\npotentially dangerous functions in Android — in most cases, nothing terrible will happen if such requests\r\nare denied.\r\nPut a good antivirus on your smartphone. For example, not only finds and removes Trojans, but also blocks\r\nwebsites with malware and mobile subscriptions.\r\nSource: https://www.kaspersky.com/blog/mobile-malware-part-4/24290/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.kaspersky.com/blog/mobile-malware-part-4/24290/"
	],
	"report_names": [
		"24290"
	],
	"threat_actors": [],
	"ts_created_at": 1775434657,
	"ts_updated_at": 1775791292,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/20120fda6f598a05d034dc8609548045116a1865.pdf",
		"text": "https://archive.orkl.eu/20120fda6f598a05d034dc8609548045116a1865.txt",
		"img": "https://archive.orkl.eu/20120fda6f598a05d034dc8609548045116a1865.jpg"
	}
}