After ten years of his city, Troy, being under siege by the Greeks, Thymoetes finally found some good news. As a Trojan scout, he was patrolling outside the city walls on the beach. The Greek camp lay in ashes. It was deserted and empty except for one strange item. There was an enormous wooden horse with a sign on it saying, “a gift to the goddess Athena.” His Trojan king was convinced that if they brought the horse into the city walls, he would become ruler of all Asia and invade Greece with the help of Athena.
The rest of the story did not go as the king would have hoped. The Greek ships were waiting nearby to return that night, and there were thirty to fifty of the best Greek soldiers in the giant horse. At night, the obscure Greek soldiers climbed out of the horse and opened the city gate to let their army into the city to attack. Subsequently, the Greeks took the city of Troy.
Thank goodness that does not happen any longer, or does it? In the cyber world, it is happening every day. A “Trojan horse” or “Trojan” is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves trying to gain access to users' systems. There is a special type of Trojan called a Remote Access Trojan (RAT) that takes over and controls your phone or computer from its command and control center. The spying activities the hacker may carry out once that RAT is installed vary from exploring your file system, watching activities on the screen, and harvesting login credentials.
Be aware of a new phone application for Android phones called “System Update.” It advertises itself as a handy application that keeps your phone updated and secure. In fact, the total opposite is true. The app is able to inventory all the applications and data on your phone and send them to its command and control server. It can also monitor your GPS location, take pictures with your camera, turn on the voice recorder, and record your phone conversations. It is so sneaky, after it uploads the information to the server, it cleans up behind itself, so there are no suspicious files left behind.
This particular RAT is not available from the Google Play store, but is available from a third-party store. Although Google tries to keep malicious apps off of its store, a study published last year showed that it was the main distributor of malicious apps. The Google Play Store is so big, many bad apps get through before Google discovers them. So, it pays to do your due diligence of any application you download. Make sure it comes from a trustworthy vendor.
Watch out for RATS in disguise. For example, an app used by parents to monitor their children’s mobile devices was actually monitoring the parents! Other examples are several RATs claiming to be Virtual Private Network (VPN) apps to provide end-to-end encryption for browsing. Instead, they provided end-to-end inspection.
Be cautious of free apps. If it is too good to be true, there are two probable reasons — either you are the product, or it is a Trojan. Whether you think you are getting a high-speed system updater for free, or a giant horse to help you conquer Asia, do some investigation before making the commitment to download that application.
