Antivirus for all Beeline subscribers: tests on surveillance applications

Application audit page on the tablet of the wife, who was in the hands of a “jealous husband”

Together with the ESET antivirus company, we have made a special version of the mobile antivirus for all our subscribers. The application is available for Android and free of charge for Beeline subscribers in Russia. The traffic to download updates is free.

If necessary, you can upgrade to an advanced version with anti-phishing, anti-spam, and so on.
')

Why did we do this?

Because one of the most frequent causes of misunderstanding, where did the money go from the account, is the activity of malware, in particular, quietly sending SMS to paid numbers. It is much better to protect subscribers' phones than to deal with what and where is installed.

What happens from the zoo?

• SMS Trojans are malicious programs that, secretly, send messages to paid numbers, take control of accounts in social networks, and so on.
• Downloaders are malware that downloads and installs other malware from the Web on a device, in particular, to form botnets.
• Clickers - programs for generating traffic to sites through increasing the number of clicks.
• Phishing applications and sites, mostly aimed at the theft of personal information when performing banking operations.
• Various applications for spying on users, in particular, conditionally malicious, positioned as "so that the wife does not change."

The most common schemes of work of the creators of malware - the launch of phishing sites, similar to the sites of banks or online stores. When you enter the data of a bank card and theft occurs. Remotely intercepting SMS messages is also the desired goal of the hunters for these online payments.

Study that upsets the caller

Last year we collected the most frequent reasons for discontent and tried to understand what can be done with each:
- 17% of our sad users drowned the phone. Here we can not help.
- 13% met a pillar with a head, a chair with a little finger, legs or did something similar while reading the telephone.
- 8% of subscribers dropped their phone when trying to remove something beautiful from a height. A hell of a lot, but again we can do nothing.
- 5% lost money due to mobile viruses. Here we can correct the situation.
- 3% lost the phone because of pets and children (I do not understand why they put them in one category).

ESET conducted its research. About 13% of users mistakenly subscribed to unnecessary information services (here we have long ago introduced additional SMS confirmations and reworked the procedure altogether - here are the details ). 11% lost money from the account due to viruses, spam or tricks of fraudsters. That's why - because of these 11% - we are here.

How fast does antivirus work?

The proprietary "trick" of ESET solutions is work that is invisible to the user. This also applies to mobile antivirus. On most models of test phones, the increase in processor load is not very high and at the interface level is not noticeable against the background of conventional Android brakes . The download time of the phone is increased by 5–20 seconds.

Why Android?

Most viruses, trojans, frauds and other threats are designed for Android users. According to the ESET virus lab, last year the number of malicious programs for this platform increased by 63%, reaching up to 99% of known mobile threats.

How to find on Google Play?

On request "Mobile Security". The application is free for Beeline subscribers, checking by SIM-card. If the SIM is removed or replaced, the antivirus will behave in the same way as when a license expires.

Tests

During the tests, it turned out that there is another issue that worries our subscribers more viruses. Namely - domestic jealousy, expressed in the installation of various applications for surveillance. We decided to see how the antivirus works on them.

For the experiments, a tablet was selected on Android 4.1.2. The tablet is constantly used by the second half of the jealous man. Let's call her a victim. With the consent of the victim, the jealous man received the password from the device and changed its settings so that you can install applications from any sources other than Google Play on the tablet. The experiment lasted for a week.

Sms2spy from Google Play. The spy developer goes to full frankness and invites future users to test their soul mate by tracking SMS from the device. After installing from Google Play, the application does not behave like a spy. It honestly adds its bright shortcut to the desktop and to the application menu. Well, you can remove the shortcuts, then the victim will guess about installing the application, only by digging in the settings. But all the SMS victims for a few days managed to read. There was not a single occasion for jealousy.

Application audit in ESET Mobile Security displays Sms2spy with its original name and logo. The victim discovered a spy at the first viewing of the application audit in the antivirus.



"Spying on the phone." Also available from Google Play. In the description of the application, there are quite peaceful promises in the spirit of "Track the movement of the thief with your phone." It is reported that after installing the application disappears from all lists of applications, so the thief will not be able to deliberately remove it. For tracking the victim application is also useful. It will be useful to know where she goes and where she spends the most time.

Install the application, see how a second after installation, the shortcut on the desktop disappears by itself. We check that in the list of applications "Phone surveillance" does not really appear. Go to the site and check the performance of the application: the movement of the device can be tracked with all the details.

Mobile Security displays Phone Tracking in application audits under the mysterious name Tmf. However, the victim may not notice the spy if he does not carefully analyze the results of the audit.

Talklog , separate apk. This spy promises everything at once: and surveillance of SMS, and listening to conversations, and control over the movement of the device. Even the fact of disconnecting the phone can be tracked. The application is available for download on your website. Trying to download it. ESET Mobile Security responds instantly, warning that the tablet will now get a mobile trojan.

Hellospy , separate apk. The description is even more inspiring than in the previous case. Here and tracking SMS and calls, and tracking movements, and even access to contacts and photos on the device. Download the application on the device and immediately receive a warning that it is potentially unsafe. We skip it and allow the installation. The application behaves cautiously, does not create its own labels anywhere, does not perform suspicious actions like automatic Wi-Fi. On the application portal for us, jealous, free two-day access to the account to track the data.

In the meantime, the victim notices the new spy not immediately. In the application audit, a new line appears with a standard android-application icon and the name SystemService. Viewing application information at first does not arouse suspicion.

At this point, more than one spy is already working on the tablet, so the victim complains that the device is too slow. She decided to strengthen the protection. Now the antivirus has scheduled scans enabled, with the option “Deep Scan” selected. After studying the settings of the antivirus, the victim also configures the detection of potentially dangerous applications, which is not the default.

Because of these protective measures, surveillance did not last long. At the first scan, the antivirus detects a threat and offers to remove it.


Hellospy was hopeful and could be a successful scout, but was uncovered with deep scanning.

Finally, a few screenshots of ESET Mobile Security on the tablet, which is spying on a dozen applications.


Smooth rank of "spies" labels


Standard antivirus victim greeting


Not all developers of “completely invisible” spies keep their promises.

What happens if the device is stolen and the SIM card to which the license is attached is taken out?

The Anti-theft feature allows you to set an additional password and has additional functionality in the enhanced version.

If you lose your device or someone steals it and replaces your SIM card with a new one (not trusted), the device will be automatically blocked by ESET Mobile Security and an SMS will be sent to the numbers you specified. It will contain the phone number of the inserted SIM card, the IMSI number and the IMEI number of the phone. An unauthorized user will not know when a message has been sent, as it will be automatically removed from the “Messages” dialogs.

How many viruses are there for mobile platforms?

If in 2010, experts from ESET Anti-Virus Laboratory opened three families of malware for Android, in 2013 their number reached 79. One family (group) of malicious objects, such as viruses, Trojans or unsafe applications, combines up to several million samples.

Antivirus is updated daily by default. At the same time, new bases can be released once a week. The traffic is free. You can set longer update periods in the settings, but not disable them - this feature is protected.

How many people know about mobile threats?

As a rule, subscribers are not disturbed by viruses as such - only the consequences. According to polls at the end of last year, 53% of users do not even know that there are antiviruses for smartphones.