Trojans are password thieves. Data theft by malicious Trojan programs. How to protect yourself from spyware

Kaspersky Lab researchers have discovered a malicious program for mobile devices on the Android platform that has a whole spectrum of technical capabilities. The company's security researchers said that some of the Trojan's functions had been identified in malware for the first time.

“Most Trojans are alike: after sneaking onto a device, they steal the owner's payment details, obtain cryptocurrency for the criminals, or encrypt the data in order to extract a ransom. But sometimes there are specimens whose capabilities bring to mind Hollywood films about spies,” says the Kaspersky Lab post dedicated to the virus.

The company found that the malicious Skygofree program had 48 different functions, including unique ones that the company's specialists had not previously encountered in malware.

For example, the Skygofree Trojan can track the movements of an infected device and start recording sound at the moment when its owner is in a certain place.

Another interesting technique that Skygofree has mastered is covertly connecting an infected smartphone or tablet to a Wi-Fi network that is under the full control of the criminals, “even if the owner of the device has turned Wi-Fi off on the device,” said Kaspersky Lab.

This makes it possible not only to analyze the victim's traffic, but also to read logins, passwords or card numbers entered by the user. The malware can also monitor a whole range of instant messengers, including Facebook Messenger, WhatsApp, Skype and Viber, collecting their text messages.

“Finally, Skygofree can secretly turn on the front camera and take a picture when the user unlocks the device,” the experts added.


The company's representatives discovered Skygofree in early 2017, but as the malware developed, it became clear that initial versions of this program were created in late 2014. Since then, the functionality of the Trojan has greatly increased and the program has developed several unique features.

According to Kaspersky Lab, Skygofree was distributed through Internet sites that imitate the websites of mobile operators and are dedicated to optimizing the speed of the mobile Internet.

According to the company's data, the virus attacked only a few private individuals, including in Italy.

Also, during the investigation of the malware, a number of malicious tools for Windows were discovered, but whether the program was used to attack this operating system is still unknown.

"It does not attack hundreds of thousands of users"

RT spoke with Kaspersky Lab antivirus expert Viktor Chebishev, who provided details about the new virus. According to him, Skygofree managed to remain undetected for a long time because this spyware Trojan uses undocumented capabilities of the system and elevates its privileges in such a way that all its activities stay behind the scenes.

It operates at the level of the system, and everything it does is completely transparent to the user. “That is, the user does not see any activity, does not notice any activity, and simply remains unaware,” Chebishev explained.

RT's interlocutor clarified that creating such a program is not easy, and a whole team of high-level professionals who understand all the particularities of the Android operating system worked on it.

According to the antivirus expert, another feature of the virus that allowed it to act unnoticed is its narrow focus: Skygofree is tailored to attack a specific user.

“This is a spy that is not oriented towards the mass segment. It does not attack hundreds of thousands of users, squeezing a little out of each of them. This is a powerful application that attacks specific people,” Chebishev said.

“It is built in such a way that it is invisible both to the victim and to everyone else. Plus, it has mechanisms for cleaning up its traces, which are destroyed after it has done its work,” the expert added.


He clarified that devices on the Android platform were targeted by the spyware because the system itself allows you to install applications from third-party sources, and not just from the official Google Play app store. However, it is not only Android devices that may be vulnerable to such malicious programs.

“In other operating systems there is no such possibility; all programs are installed from one centralized source and are moderated. So the possibility of infection in this manner is minimal. However, it is not ruled out,” the expert explained.

“This is a whole team, one might say, an organized criminal group. The resources are serious,” said Chebishev.

The expert clarified that the main purpose of the discovered Trojan was never to attack large numbers of people. The program is designed specifically for spying on a particular person, on whose device it is “planted”. In his words, the range of uses for this program can extend from industrial espionage to spying on government employees.

“The main goal of this Trojan is to understand what is going on with the victim, what they do, where they go, with whom they communicate, with whom they interact... It can film with the video camera, take photos, record conversations in a specific situation,” said the Kaspersky Lab specialist.


The antivirus expert clarified that immediately after the virus was detected, the company provided protection to its clients. Speaking about the threat to ordinary users around the world, Chebishev noted that they were never the target of the malware, but urged them not to relax.

“If we talk about the mass market, about you and me, then the attack, most likely, did not threaten us from the very beginning. Specific individuals are attacked. However, (a mass attack. - RT) cannot be written off: what is implemented in this Trojan can be replicated, and it can be spread to a large number of users,” said RT's interlocutor.

Speaking about ways to counter the virus threat, the expert called on all users not to install programs from third-party sources. In addition, he advised users to secure their mobile devices by installing a good security solution that will not let them follow a malicious link and will block the installation of virus programs.

“It is absolutely necessary to maintain special hygiene for your device. Because there is never a good time to attack you, and then everything will be all right. Things will turn out better,” Chebishev summed up.

Viruses are harmful programs that can damage your computer, programs and important documents. Viruses tend to be created by malicious programmers who want to show off their professionalism or tell the rest of the world that they have outwitted computer security specialists. Such viruses are aimed at harming a specific individual or infecting an entire organization, causing the loss and theft of confidential information. The worst thing is that some viruses get out of control and spread to a large number of computers.

You can infect your computer in any number of ways. For example, you can simply launch an unknown program or follow a link and immediately discover that your computer begins to behave strangely. Say a critical error appears when you try to launch a program that was functioning just fine yesterday, or your computer begins to carry out unintended operations on its own. Such viruses are not the most dangerous ones, because they can be easily detected by popular antivirus programs such as True Sword. However, there is another category of viruses that do not exhibit any specific behavior. Such a virus can be activated by a timer or a remote command. The consequences can be extensive: physical damage to expensive computer components and loss of important information.

It detects and removes over 4000 of the most dangerous viruses. Unknown viruses can also be detected thanks to the unique technology of heuristic algorithms.

Trojan horses (Trojans)

The definition of the term "Trojan horse" is provided by the Webopedia reference:
“These are programs that masquerade as safe ones. Unlike viruses, Trojans do not reproduce, but that does not make them any less dangerous. One of the most common types of Trojan horse is a program that offers to rid your computer of viruses but instead lets them in. The term itself comes from Homer's Iliad, which tells how the Greeks gave a giant horse as a sign of reconciliation to their enemies, the Trojans. But after the Trojans placed the wooden horse inside the walls of their city, a group of Greek soldiers emerged from the hollow gift and opened the city gates to the army of Ancient Greece.”

Our products – and – detect a wide variety of Trojans. The removal process is similar to that for viruses.

Spyware

“Any software that covertly gathers user information through the user's Internet connection without the user's knowledge. The information is usually collected for advertising purposes. Spyware is typically bundled as a hidden component of free or shareware software that can be downloaded from the Internet. However, it should be noted that the majority of free or shareware software does not come bundled with spyware. Once installed, spyware monitors the user's activity on the Internet and transmits all the information in the background to third parties. Spyware can also collect information about e-mail addresses and even passwords and credit card numbers. Spyware is similar to Trojan horses in that users unknowingly install these products when they want to install something else. A common way for users to infect their PCs is to download certain programs for working with peer-to-peer networks (torrents and others).

Aside from questions of ethics and privacy, spyware steals the computer's resources, using them up and reducing performance, because it sends information to third parties over the user's Internet connection. Since spyware consumes the memory and resources of the whole system, programs that run in the background can cause system crashes or general system instability.
Because spyware exists as independent executable files, it can monitor keystrokes, scan files on the hard drive, snoop on other programs such as chat programs or text editors, install other spyware programs, read cookies and change the settings of Internet browsers, consistently transmitting all the information to third parties, who use it for advertising/marketing or clearly malicious purposes.

License agreements that accompany software downloads sometimes warn users that spyware will be installed along with the requested software, but these documents are not always read to the end, because the notice about the spyware installation is often buried in hard-to-read legal wording.”

It has a large database of known spyware programs. Our product recognizes and eliminates spyware programs, protecting the user's privacy. With the help of heuristic algorithms, even spies that are not in the database are detected.

Adware

The definition of the term "spyware" is provided by the Webopedia reference:
“1) This is a type of spyware that collects information about the user in order to display advertisements in Internet browsers, based on what it has learned about that user.
2) This is software that is supplied bundled with other programs.”

Tracking software

Basically, this is a type of software that collects information about every action performed on your computer. In practice such programs are used to monitor other people and track their actions on corporate machines. Jealous partners also do not mind using tracking software to “keep an eye” on their other halves. The list can go on for a long time. The main thing is that such programs shamelessly infringe upon (or even destroy) your right to confidentiality.

Designed to respect your privacy.

Free "dialers"

“Dialers” are a type of software that uses your modem to make expensive calls without your permission to numbers that mostly belong to companies providing services for adults (they can also be called XXX services). You can infect your computer with such “dialers” during regular Internet sessions.

They find and remove more than 100 different types of free “dialers”.

Keyloggers

Keyloggers are a type of software that records every keystroke on your computer in a special file that ends up in the hands of third parties (such as hackers). Keyloggers are used especially for stealing account names, passwords, email addresses, credit card numbers, etc. It removes a large number of keyloggers. For the best protection of your PC from this nasty software, use the product that blocks ALL types of keyloggers, both known and unknown.

Trojan programs, as you can see from the name, most often get onto your computer with your own permission. Of course, you won't even realize that you've let this malicious program in. It can be installed under the guise of a new browser or extension, or along with a utility that you yourself downloaded from the Internet and installed on your computer.

Trojan programs can create botnets and, at the required moment, on the attacker's command, carry out actions in the name of your computer. This is how, for example, DDoS attacks (Distributed Denial of Service) are organized against various sites on the Internet in order to make them inaccessible to users.

In addition, there are Trojans that, when you launch your browser, redirect you to a site where criminals demand payment to unblock Internet access.

When you try to open the page of any popular website, for example Google.ru or Mail.ru, the browser is automatically redirected to a web page created by the criminals with a notice that access to the Internet is blocked. To “unblock” it you need to enter your bank card details. Of course, you must absolutely not do this!

An example of such a program is Trojan.Hosts.5858. This program is covertly installed on the computer by a Trojan of the BackDoor.Andromeda family. Besides Trojan.Hosts.5858, this Trojan can download other Trojans to your laptop, for example Trojan.Spambot.11349 and BackDoor.IRC.Aryan.1.
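A defensive check for the redirect behaviour described above, as an added example that is not part of the original article. It assumes the redirect is implemented by adding entries to the system hosts file, as the Trojan.Hosts family name suggests; the function name, the watched-domain set and the sample file are constructed for illustration.

```python
import ipaddress

# Sites the article names as redirect victims; extend the set as needed.
WATCHED = {"google.ru", "mail.ru"}

# Constructed sample hosts file (documentation-range addresses, not real IoCs).
SAMPLE_HOSTS = """\
# constructed sample, not taken from a real machine
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net
203.0.113.45    google.ru www.google.ru   # several aliases on one line
203.0.113.45\tMAIL.RU.
192.0.2.10      intranet.example.local
"""

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, ip, hostname) for every hosts entry that pins a
    watched domain, or a subdomain of it, to a non-loopback address."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()    # drop comments, split on whitespace
        if len(entry) < 2:
            continue                            # blank, comment-only or malformed
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            continue                            # first field is not an IP address
        if ip.is_loopback or ip.is_unspecified:
            continue                            # blocklist-style entry, no remote redirect
        for name in entry[1:]:
            host = name.lower().rstrip(".")     # hosts lookups ignore case and trailing dot
            if any(host == d or host.endswith("." + d) for d in watched):
                findings.append((line_no, str(ip), host))
    return findings

if __name__ == "__main__":
    for line_no, ip, host in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} is pinned to {ip}")
```

On Windows the file to feed into `audit_hosts` is `%SystemRoot%\System32\drivers\etc\hosts`; any finding for a public site means name resolution for that site no longer goes through DNS.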

Types of Trojans:

  • Backdoor - allows an attacker to remotely access your laptop.
  • PWS - records your passwords and passes them to an attacker.
  • Clicker - in one way or another makes you open the site the attacker wants (for example, by replacing the start page shown when the browser launches).
  • Proxy - allows an attacker to use your computer as a proxy server in order to hide their own real IP address.
  • Downloader - downloads other unwanted programs onto your computer.
  • DDoS - uses your computer to organize DDoS attacks.

You can find out the exact name from the antivirus program's report if it has detected Trojan programs on your system.

Network worms

Unlike Trojans, worms spread independently through computer networks. To “pick up” a worm, you may not even need to go online. It is enough that the computer is connected to your provider's local network.

Conficker can be cited as an example of a malicious worm. This worm allows the attacker to take control of your computer. Fortunately, modern antivirus programs with fresh databases successfully cope with this malicious program.

Spyware programs

One of the most striking examples of such programs is Flame. On the attacker's command it can do practically anything imaginable. However, the main purpose of this program is commercial espionage. It searches the computer's disks for drawing files (above all in AutoCAD formats) and PDF documents (such files often store technical documentation).


Fraud scheme

Trojans are spyware programs that are capable of capturing personal information from the victim's computer and sending it via the Internet to the author of the Trojan.

Trojans are often confused with viruses, which is a mistake: viruses mainly harm the victim's computer, multiply and infect other computers, whereas Trojans serve a more practical purpose.

To draw an analogy, a virus can be compared to a rampaging vandal who rushes around the city wrecking everything in his path, while inciting faint-hearted citizens to join in the pogrom. Trojans are more like agents who sit in ambush and wait for a command or a certain event, after which they come out of hiding and methodically carry out the task assigned to them.

The main functions of Trojans are the theft of logins, passwords, account and card numbers and other confidential information, followed by transfer of the stolen data to the Trojan's owner. A Trojan consists of a client part and a server part. The server part is usually on the victim's computer, the client part is with the Trojan's owner. The owner of the Trojan may be its creator, but Trojans are often written to order. The client and server parts communicate through any open port. The transmission protocol is usually TCP/IP, but there are also Trojans that use other communication protocols (such as ICMP and UDP). Trojans usually masquerade as some useful program or as self-extracting archives. When such a file is started, the Trojan's code is loaded first and then passes control to the main program. A Trojan can also be simply, but effectively, disguised as a file with any other extension, for example GIF, DOC, RAR, etc.

Classification of Trojans

Fighting the Trojans

First of all, we need to prevent the Trojan from getting into the computer, and for that you need an antivirus. Unfortunately, the antivirus cannot 100% protect your computer from receiving a Trojan.

Here a firewall comes to the rescue, because it follows the rule “everything that is not allowed is blocked.” You only configure rules for the programs that are allowed to send or receive information over the Internet.

As soon as a new program wants to send information to the Internet, the firewall will show you a notification indicating which program wants to send information. If you see that the program is unknown to you, simply press the “Block outgoing traffic” button, after which the firewall creates the rule and no longer shows you these notifications. For details about choosing and setting up a firewall, please read specialized literature.

It is also recommended to periodically check your computer for Trojans with special programs, whose names and usage instructions you can easily find on sites dedicated to information security, including Kaspersky and Dr.Web.

Material prepared with the participation of an independent information security consultant, Maxim Lantsov.