9 March, 2021

Lukas Stefanko is а Malware Researcher in the Slovakian based company Eset. He’s been occupied in the field of Internet security for nine years and in the last seven, he’s been focusing strictly on the Android OS. 

“Identity theft, stolen personal data and blackmailing, being spied on and sexually harassed, spreading malware or requesting money from people in your contact list”. 

These are NOT Mr. Stefanko’s charges in court. These are warnings. Are we sure in the purity of our mobile devices and can we recall everything, that we’ve installed or every photo we’ve sent and received? 

What’s the difference between Android and iOS malware defenses? Is one safer than the other?

Definitely iOS is a closed system and more difficult for bad guys to deliver their malware than on Android. Because of that, malware on iOS is rare compared to Android. It doesn’t necessarily mean security of Android OS is worse, but it is more attractive to hackers due to its approximately 80% market share on mobile devices and option to spread malware via fake websites or emails.

Will I be correct if I say that Trojans are the most widespread threat on the web? And if so, are there other, more dangerous threats?

Trojans are the most dangerous – because of their malicious functionality, however the most widespread is Adware. Adware is an unwanted type of application which purpose is to display ads without any user interaction to generate revenue. If I compare it to Trojans, victims have to perform an action such as filling in credentials, allow intrusive permissions or activate Accessibility services and then they can generate money.

And when our phones are infected with a virus, what are the most likely problems that appear? Performance issues? Data loss? Data-stealing?

Actually, all of them, and sometimes even all of these at once. For me, and I believe for many other mobile users the worst case scenario is a financial loss caused by malware either by sending premium SMS, making calls or gaining access to the victim’s banking account. Another unwanted case is data stored in mobile phone such as your documents from work, photos, contacts, email backups, sent text messages, sometimes even pictures of ID, driving license and all these files can be either stolen or deleted. Most times after such actions there are requests to pay ransom for obtaining these files back from hackers.

Most of these Trojans are always running in the background and can be responsible for lower battery life or performance issues. One example is malware that mines cryptocurrency on infected devices 24/7.

Most of the threats/viruses are hidden behind licensed apps that customers download on an everyday basis… What is the agenda for the person who is putting them there? Is there money involved? Is a program doing that, or a group of people? Can you explain to us how it actually works?

The main goal of such malicious apps is financial gain and stealing data or in some cases spying on individuals. Most of the bad guys are interested in getting money from the potential victim. It means that this malware either impersonates fake Banking applications that steals login credentials or legitimate looking apps with useful functionality that after some time reveal malicious functionality.

These apps wait for the victim to launch their banking app and then they would display an  activity that overlays the legitimate banking app activity to request the user to log in. These credentials are then sent to the malware operator. They can also bypass SMS One Time Passwords or two factor authentication.

Actually, how can we protect our devices? What’s the best way to keep them safe? Are the many anti-malware, antivirus programs any good?

To stay protected, users shouldn’t install apps from unknown sources, only from Google Play. Still, before installing apps even from Play Store users should verify if the apps are safe to use for example by going through comments of other users, checking the app permissions or visiting the service website to see if they really have an Android app. Many times, users are in a rush and don’t have time to do all these checks, so then they should use some trustworthy antivirus to keep them safe while on the internet.

What does an average day look like and what difficulties do you encounter in your job as a Malware researcher? Are you trying to find new threats and malware?

The worst thing is the number of new Android threats being created and even available for free on the internet and accessible to anyone. There are dozens of new threats every day, but I am trying to focus on the most sophisticated to identify their new capabilities and what technique they use to spread.

What kind of software are you using in your work? Or any kind of programming languages, and how does it help you?

Most of the software I use is internal to track malware but for analysis of malware I use every day APK decompiler and disassembler for shared libraries. For programming languages it’s probably Python, it helps a lot.

What are your most hated adware and ransomware viruses? What harm are they doing?

I personally hate all adware. It displays full screen ads at the worst time, many times I have to watch it for 20s before I can close it. The worst thing is that without an antivirus it is hard to identify which app is responsible for these ads.

My most hated ransomware viruses are the ones that actually encrypt all the files and also set a PIN for the device. Getting rid of such threats is extremely difficult without data loss.

On a global level, what is the worst that can happen if we don’t protect our devices?

Identity theft, financial loss, losing access to social media, stolen personal data and possible blackmailing, being spied on and or sexually harassed, spreading malware or requesting money from people in your contact list etc.

 

The interview was conducted by Plamen Mihaylov

Tags: , , , , , , , , , , ,