
Wroba Trojan

Posted: November 2, 2020

The Wroba Trojan is spyware that collects confidential information from compromised Android and Apple-brand phones and abuses SMS messaging features for spam. Over the years, this threat's distribution vectors have varied, with older examples including fake applications and newer cases arriving as links in package delivery-themed text messages. For their protection, vulnerable users should keep any compatible anti-malware products updated so that they can delete the Wroba Trojan as accurately and quickly as possible.

A Phone-Based Trojan Finally Takes a Trip Overseas

The Wroba Trojan, also known as FunkyBot, is a threat that has been present on the mobile phone threat landscape for over half a decade. Through operations such as the Roaming Mantis campaign, researchers in the security industry keep re-confirming its consistent data-plundering features and new distribution exploits. However, what's new to the Wroba Trojan in 2020 is its victims' demographics, as it expands out of Asian nations like Japan and South Korea and into the United States.

The Wroba Trojan's latest campaign targets both iOS and Android phones, although only the latter experience the drive-by-download that infects the device with the Trojan. In both attacks, the victim receives an SMS message posing as a delivery notification, with a link to either a drive-by-download for the Wroba Trojan (for Android) or a tactic that collects Apple account credentials (for iOS). Android users, then, face additional problems from the Wroba Trojan's payload.

The Wroba Trojan has a few features for spamming or self-distribution, such as sending SMS messages, along with basic C&C communication security like DES encryption. Still, malware experts point out that most of the Wroba Trojan's features are for collecting credentials and device information, such as:

  • Monitoring any package installations
  • Collecting data associated with financial transactions directly 
  • Harvesting the user's contacts (possibly, for further SMS targets)
  • Redirecting browsers to phishing Web pages for collecting more credentials

Malware experts have no current data on other security risks applicable to victims using iOS or Apple phones. Attackers may use account access for more harmful actions or merely sell the credentials on the dark Web.

A Well-Rounded Approach to Constantly-Growing Trojans

The Wroba Trojan's campaigns don't stick to a single distribution strategy. Current campaigns in 2020 may use the often-favored delivery notice tactic. Users may also acquire infections by downloading threatening applications, even from reputable storefronts, or by suffering browser redirects from compromised routers. As a result, all Android and Apple phone users should prepare themselves with a generally well-rounded attitude towards protecting their devices.

Users should never install software updates from unofficial sources, including sites that use 'typo-squatting' or misspelled look-alike addresses. They may also check application reviews for suspicious history and avoid installing very new applications or ones with large numbers of low review scores. Protecting routers from potential 'hacking' requires both strong passwords and up-to-date firmware that removes known vulnerabilities.
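As an added illustration (not part of the original article or any vendor's product), the Python sketch below triages SMS text for the delivery-notice lure and look-alike addresses described above. The allowlisted courier domains, the keyword list and the sample messages used to exercise it are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist of official courier domains (assumption; use your own).
OFFICIAL_DOMAINS = {"fastparcel.example", "postexpress.example"}
# Constructed keyword list for delivery-themed lures.
DELIVERY_WORDS = re.compile(r"\b(parcel|package|delivery|courier|shipment)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host: str, max_distance: int = 2) -> str:
    """Return 'official', 'lookalike' or 'unknown' for a hostname."""
    host = host.lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    registered = ".".join(host.split(".")[-2:])  # last two labels only
    for d in OFFICIAL_DOMAINS:
        # Near-miss spelling, or the real name buried inside another domain.
        if edit_distance(registered, d) <= max_distance or d in host:
            return "lookalike"
    return "unknown"


def triage_sms(text: str) -> dict:
    """Flag delivery-themed messages whose links do not point to an official host."""
    themed = bool(DELIVERY_WORDS.search(text))
    links = []
    for url in URL_RE.findall(text):
        host = urlsplit(url.rstrip(".,;)")).hostname or ""
        links.append((host, classify_host(host)))
    verdicts = {v for _, v in links}
    suspicious = "lookalike" in verdicts or (themed and "unknown" in verdicts)
    return {"delivery_themed": themed, "links": links, "suspicious": suspicious}
```

A two-label comparison is a simplification: domains under multi-part public suffixes need a public-suffix list to find the registered name.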

Most attacks by this Trojan may show no symptoms, although some users may experience browser redirects or pop-ups related to its phishing tactics, such as fake bank login requests. Effective anti-malware programs for phones should flag and remove the Wroba Trojan appropriately.

The Wroba Trojan's trip across the ocean to fresh sets of passwords and bank accounts makes for a warning to the watchful. Phone users who behave as if security problems are only for computers could get a stark alarm from the next piece of Trojan SMS spam, and hopefully they are ready for it.
