1
00:00:00,070 --> 00:00:06,000
So how do these applications reach the end user? Simply through different distribution mechanisms.

2
00:00:06,480 --> 00:00:13,260
The simplest one is app store distribution, where the Trojans are uploaded to the app store in large

3
00:00:13,260 --> 00:00:21,870
numbers to take advantage of the download volume. The Trojan is disguised as a free tool which supposedly

4
00:00:21,870 --> 00:00:24,510
will have legitimate application purposes.

5
00:00:25,230 --> 00:00:28,950
Another approach is to use phishing-enabled distribution.

6
00:00:29,550 --> 00:00:36,150
It's a popular method for coercing users into installing malicious applications. Another approach

7
00:00:36,180 --> 00:00:39,000
is to use phishing-enabled distribution.

8
00:00:39,480 --> 00:00:46,920
A popular method for coercing users to install malicious applications is to send them links to APK files

9
00:00:47,340 --> 00:00:49,920
hosted on the attacker's website.

10
00:00:50,490 --> 00:00:56,310
Normally this happens over SMS or email spam messages.

11
00:00:56,970 --> 00:01:01,190
A third approach is to distribute via a compromised website.

12
00:01:02,010 --> 00:01:08,040
The dissemination of mobile malware may be facilitated through the compromise of a legitimate website

13
00:01:08,460 --> 00:01:12,480
that is then used to host malicious applications.

14
00:01:12,930 --> 00:01:20,490
Distribution via operating system images is an alternative to app store deployment, where the Trojan

15
00:01:20,580 --> 00:01:25,490
application is included within the custom operating system images.

16
00:01:25,950 --> 00:01:33,270
So on the OS platform itself, natively. So on platforms that allow device manufacturers to load their

17
00:01:33,360 --> 00:01:36,660
own OS version images at the point of distribution,

18
00:01:37,230 --> 00:01:44,070
there is a risk that a Trojan application may be included as part of the standard distribution.

19
00:01:44,700 --> 00:01:45,480
Compromised.

20
00:01:45,780 --> 00:01:46,770
Source code.

21
00:01:47,010 --> 00:01:47,910
So legitimate.

22
00:01:48,480 --> 00:01:55,980
Legitimate applications can also be trojanized by a malicious actor without the knowledge of the original

23
00:01:56,220 --> 00:01:56,820
developers.

24
00:01:57,120 --> 00:02:03,300
So an attacker might compromise source code, make a malicious change and then upload the application.

25
00:02:03,660 --> 00:02:10,290
At the end of the day, the users will install such applications that supposedly will facilitate their

26
00:02:10,860 --> 00:02:11,640
Compromised source

27
00:02:11,640 --> 00:02:17,640
could happen when legitimate applications are trojanized by malicious actors without the knowledge

28
00:02:17,640 --> 00:02:19,020
of the original developer.

29
00:02:19,350 --> 00:02:25,740
The source code is then changed, compiled, and the APK is uploaded to many platforms.

30
00:02:26,670 --> 00:02:32,850
While the distribution of Trojan applications is the most common form of deployment mechanism for mobile

31
00:02:32,850 --> 00:02:33,360
malware,

32
00:02:33,960 --> 00:02:42,960
there are some circumstances where a malicious actor may develop exploits for typical software installed

33
00:02:43,080 --> 00:02:48,060
on target devices and use them to install their payloads without user interaction.

34
00:02:48,510 --> 00:02:58,860
So an attacker might exploit a vulnerability in an application to be able to silently install malware

35
00:02:59,340 --> 00:03:01,500
on the mobile phone of the user.

36
00:03:01,770 --> 00:03:07,200
Last but not least, it's the loss of physical control, where most of the deployment mechanisms described

37
00:03:07,290 --> 00:03:14,430
above, and where most of the deployment mechanisms we just described, involve compromise that occurs while

38
00:03:14,430 --> 00:03:16,950
the device is in the hands of the user.

39
00:03:17,280 --> 00:03:23,490
However, there may be situations where a malicious actor seeks to leverage a period of time when the

40
00:03:23,490 --> 00:03:25,860
device is not in the possession of the user.

41
00:03:26,400 --> 00:03:33,810
Scenarios such as monitoring software installed by authorities during a border transit or a device left

42
00:03:33,900 --> 00:03:38,610
unattended, for example, in a hotel or in a public place.