1
00:00:00,480 --> 00:00:07,440
Despite the wide variety of mobile malware families, most can be categorized into the ones shown on

2
00:00:07,440 --> 00:00:07,920
the screen.

3
00:00:08,610 --> 00:00:14,400
We will start with the RATs, or remote access tools, which represent the most comprehensive threat to

4
00:00:14,400 --> 00:00:17,880
mobile devices due to their broad functionality.

5
00:00:18,390 --> 00:00:26,070
They typically enable extensive access to data from infected victim devices and are often used for intelligence

6
00:00:26,070 --> 00:00:26,640
collection.

7
00:00:27,330 --> 00:00:31,170
In this course, we will together learn how to create a RAT application.

8
00:00:31,530 --> 00:00:38,580
Typical features provided by a mobile RAT application include the listing of device information such

9
00:00:38,610 --> 00:00:47,010
as manufacturer, model, operating system version and the IMEI, which can be used to uniquely identify

10
00:00:47,010 --> 00:00:50,370
your device and the user. It can list as well

11
00:00:50,610 --> 00:00:55,090
all the applications installed on your device. It can retrieve the device

12
00:00:55,110 --> 00:00:55,980
call history.

13
00:00:56,280 --> 00:01:02,190
It can as well retrieve contact information from the device address book, retrieve all the browsing

14
00:01:02,190 --> 00:01:04,080
history and the bookmarks you have.

15
00:01:04,650 --> 00:01:10,710
It will enable the hackers to get access to your SMS, send an SMS on your behalf,

16
00:01:10,770 --> 00:01:18,090
intercept SMS, as well as enable GPS logging and location so that they will be able to trace

17
00:01:18,090 --> 00:01:18,330
you.

18
00:01:18,600 --> 00:01:26,040
It will capture as well your screenshot and will enable the attacker to manipulate the front and

19
00:01:26,040 --> 00:01:30,750
the rear cameras, to enable access to the microphone device.

20
00:01:30,780 --> 00:01:35,520
So as you can see, the attacker would have full remote access to your phone.

21
00:01:35,820 --> 00:01:42,720
Some of the enhanced functionality used by the RAT is to intercept SMS messages so they can use

22
00:01:42,720 --> 00:01:50,580
the messages such as OTP or two-factor authentication to compromise other services that you use elsewhere,

23
00:01:50,610 --> 00:01:57,180
or stalkerware; it's the legal commercial spyware that utilizes RAT functionality.

24
00:01:57,390 --> 00:02:02,790
These devices will have the capability of surveying the end user.

25
00:02:03,200 --> 00:02:09,000
Stalkerware is a family of malicious applications, which is somehow illegal because of its commercial use,

26
00:02:09,060 --> 00:02:15,840
but it utilizes RAT functionality so that it surveys, stalks the user.

27
00:02:16,260 --> 00:02:22,130
That's why the name is stalkerware; you can as well call it spouseware. So the RAT tools and the

28
00:02:22,130 --> 00:02:26,520
stalkerware do fall within one family as well.

29
00:02:26,730 --> 00:02:34,470
We have very well known applications which are commercially used mainly by governments that employ the

30
00:02:34,830 --> 00:02:39,780
remote access mechanism, such as the Remote Control System,

31
00:02:39,830 --> 00:02:43,860
RCS, released 2009 by a company called Hacking Team.

32
00:02:44,190 --> 00:02:50,760
It is compatible with Android, iOS and, those days, BlackBerry and Windows mobile phones and Symbian.

33
00:02:51,180 --> 00:03:00,630
Another well-known RAT tool is called FinFisher, released in 2011 by the Gamma Group, and the OS

34
00:03:00,630 --> 00:03:04,330
compatibility is mainly iOS and Android, BlackBerry.

35
00:03:04,590 --> 00:03:12,420
We have as well two recently well-known tools named Pegasus and Karma, merely targeting the iPhone

36
00:03:12,750 --> 00:03:13,230
platform.

37
00:03:13,410 --> 00:03:21,900
The next family is banking Trojans, which are a popular subset of mobile malware that specifically target

38
00:03:21,900 --> 00:03:23,550
mobile banking services.

39
00:03:24,120 --> 00:03:32,010
Obviously, for financial gain, these Trojans are distributed and disguised as legitimate applications.

40
00:03:32,490 --> 00:03:40,110
Meanwhile, they embed additional functionality that intercepts user credentials or one-time passwords,

41
00:03:40,530 --> 00:03:40,980
etc.

42
00:03:41,250 --> 00:03:49,920
Many of these banking Trojans are available for purchase on criminal forums online. Mobile ransomware

43
00:03:49,920 --> 00:03:57,720
is malicious software that seeks to deny victims the full use of their computing devices until a ransom

44
00:03:57,780 --> 00:04:02,520
is paid by means of digital currency such as Bitcoin.

45
00:04:02,910 --> 00:04:10,050
The concept of ransomware is replicated to the mobile environment while taking the advantage of

46
00:04:10,050 --> 00:04:16,050
the wide... the concept of ransomware has been replicated within the mobile environment to take

47
00:04:16,050 --> 00:04:18,330
advantage of the wide adoption.

48
00:04:19,080 --> 00:04:26,070
While some mobile ransomware families attempt the encryption of files, on the mobile it is not worth

49
00:04:26,070 --> 00:04:32,070
it because there are cloud storage devices where the user can easily retrieve his files.

50
00:04:32,280 --> 00:04:39,120
So instead of encrypting the files on your mobile, the ransomware is locking the device by using a

51
00:04:39,120 --> 00:04:40,140
display message,

52
00:04:40,710 --> 00:04:47,190
similarly, to mimic the ransomware attack on desktops.

53
00:04:47,820 --> 00:04:54,780
So you need to provide a certain amount in digital currency so that you'll get the access code and have

54
00:04:54,780 --> 00:04:58,920
full access to your mobile. Crypto mining malware

55
00:04:59,160 --> 00:04:59,850
are a further

56
00:04:59,930 --> 00:05:04,790
adoption of traditional revenue generation schemes applied to mobile devices.

57
00:05:04,910 --> 00:05:11,990
It involves the Clear Channel of executing and calculating some algorithms to generate digital money.

58
00:05:12,620 --> 00:05:18,470
It's worth noting that crypto mining requires huge resources for processing.

59
00:05:18,650 --> 00:05:20,270
But this is not worth it

60
00:05:20,290 --> 00:05:24,170
on the CPUs, because the mobile CPU is not optimized for that.

61
00:05:24,860 --> 00:05:33,950
But obviously malware writers are targeting... but obviously malware developers are developing such applications.

62
00:05:34,010 --> 00:05:37,700
It will result in having slow performance on your mobile device.

63
00:05:38,010 --> 00:05:44,660
The result of being compromised by crypto mining malware is likely to be observed by having a slower

64
00:05:44,660 --> 00:05:47,860
performance on their mobile device. Advertising

65
00:05:48,140 --> 00:05:48,870
click fraud:

66
00:05:48,970 --> 00:05:55,910
there's another class of mobile malware observed through the distribution of tools designed to accomplish

67
00:05:56,450 --> 00:05:57,240
advertising

68
00:05:57,380 --> 00:05:57,950
click fraud.

69
00:05:57,980 --> 00:06:00,830
So as you know, we have Google, for example.

70
00:06:00,830 --> 00:06:07,100
They have the ad where the owners of such accounts generate money through click rates.

71
00:06:07,610 --> 00:06:12,530
Another class of mobile malware is observed through the distribution of tools designed to accomplish

72
00:06:13,040 --> 00:06:13,730
advertising

73
00:06:13,730 --> 00:06:14,300
click fraud.

74
00:06:14,840 --> 00:06:17,330
As you know, Google have AdMob.

75
00:06:17,360 --> 00:06:23,780
If I'm not wrong, AdMob, it's a system to set up advertisement on mobile phones, where the owner

76
00:06:23,780 --> 00:06:26,420
of such account will generate money.

77
00:06:26,630 --> 00:06:33,080
So the click fraud process is enabled through the creation of hidden HTTP requests on these applications

78
00:06:33,080 --> 00:06:37,610
to specific advertising resources associated with the actor.

79
00:06:38,090 --> 00:06:41,390
So it will generate clicks on behalf of the user

80
00:06:41,450 --> 00:06:42,250
without his knowing.

81
00:06:42,770 --> 00:06:45,350
The purpose is purely financial gain.

82
00:06:45,740 --> 00:06:53,150
It will not pose a direct threat to your mobile phone, but it might cost you some additional traffic

83
00:06:53,300 --> 00:06:55,220
by using your mobile data.