Cybersecurity solutions company Kaspersky found that there are at least five types of malicious software (malware), in the form of Trojans, targeting the devices of employees in Southeast Asia (SEA), including the Philippines. A Trojan, as the name implies, disguises itself as a legitimate file and infects devices and networks once it has successfully penetrated a device.
Remote and hybrid work setups made mobile devices more vulnerable to attacks because of the unsecured home networks and public Wi-Fi that employees use.
Trojans cannot self-replicate or make copies of themselves, but they can delete, block, modify or copy data, and they can disrupt the performance of computers or computer networks.
Based on Kaspersky’s anonymized data, the following Trojans were found in employee devices in the country. This set of mobile malware types was identified in devices of the company’s users in the Philippines for two consecutive years since 2021.
- Trojan: Generic Trojans may pass unnoticed when installed on a device. Apart from stealing data, Trojans can carry out a range of other functions, such as deleting, blocking, modifying, or copying data, or disrupting the performance of computers or computer networks.
- Trojan-Downloader: This malware downloads and installs new versions of malicious programs on victim computers. Once downloaded from the internet, the programs are launched or run automatically when the computer’s operating system boots up.
- Trojan-Dropper: This is designed to secretly install the malicious programs built into its own code on victim computers. A Trojan-Dropper saves a range of files hidden inside its executable to the victim’s drive and launches them without any notification, which helps the malware evade detection.
- SMS Flooder: This is a malware type designed to flood and clog text message channels with useless messages. This is a tool sometimes used by spammers.
- Backdoor: One of the simplest but possibly most dangerous types of Trojan. It allows an attacker to execute any command on a victim’s device.
Botnets
Backdoors are used to set up and control botnets (robot networks), which allow cybercriminals to remotely infect devices or computers. When this happens, the device becomes “part of a zombie network used for mass attacks such as data theft, server crashing, and malware distribution.”
“Once installed, backdoors can be instructed to send, receive, execute, and delete files, harvest confidential data from the computer, log activity on the computer, and more,” Kaspersky explained.
The Backdoor malware type replaced the “less powerful” Trojan-Proxy, which is typically used to send out mass spam mailings.
A look into Kaspersky’s telemetry from January to June this year shows that the Trojans identified in mobile work devices in other countries in the Southeast Asian region are very similar.
To help enterprises secure their data amid a post-pandemic BYOD set-up, Kaspersky experts suggest:
- Automatically enforced security policy. Company rules are ineffective if they are merely printed and signed by employees. A worker should not have to decide whether a certain app or website is appropriate, restricted, or plain dangerous; he or she is usually not an expert in this. Automated control over software, devices and web access is the only way to prevent accidental loss of data.
- Inventory. The IT department has to know exactly which devices are allowed certain privileges to access corporate data and be able to revoke the access rights or block the device completely.
- Beyond anti-malware. When talking about protection from threats, effective, industry-leading anti-malware protection is a must, but it alone cannot guarantee security. While a traditional anti-virus engine is fine with generic viruses and Trojans, targeted attacks require more sophisticated techniques. Among them are solutions designed to directly combat new and unknown exploits, vulnerability assessment tools and frameworks that will automatically install and control software and push updates for critically vulnerable applications.
- Mobile Device Management. A security policy has to be enforced on all devices, regardless of platform, and traditional business security suites are not capable of applying the rules and security features to smartphones and tablets. Modern mobile platforms like Android and iOS have to be supported and managed centrally, just like traditional laptops.
- Further protection of data using encryption. It reduces the chance of sensitive data loss even in a case where a personal device is compromised or stolen.