Agent.HQS is not a new threat, but it has been steadily strengthening since this spring. In the Czech Republic, the number of its detections increased from 2.29% in April to 4.00% in May. In June it was already 6.53% and in July 8.06%.
In August – according to the most recent virus statistics, which the antivirus company Eset compiles regularly – the share increased to 8.52%. In practice, this uninvited visitor is behind every 11 detected attacks on Android mobile devices, which makes it the second most widespread threat on this platform.
The fact that this year Agent.HQS rose to the top of the viral statistics practically from scratch is a significant increase.
Users release it themselves
The worst part is that most often people let this uninvited visitor into their mobile devices themselves, when they download some fraudulent application from an unofficial store. “The attackers also disguise it as an imaginary application, namely MXtech video player,” warned Martin Jirkal, head of the analytical team at the Prague branch of Eset.
He emphasized that Agent.HQS spreads in the form of so-called dropper. These malicious codes have only one task, and that is to install additional malware on the device. Basically, they function as an envelope that “delivers” additional malware to the device. “When users install an infected application, the envelope is unzipped and some other malicious code is installed with it,” the security expert pointed out.
Basically, Agent.HQS opens a backdoor into the system through which attackers can sneak any other virus into the Android system. They can easily enslave and remotely control the entire device or block it and demand a ransom.
However, defense against this uninvited visitor is quite simple, it is enough for people not to download any applications from unknown sources to the device.
Survey
Do you use an antivirus program on your mobile phone?
A total of 10,976 readers voted.
Andreed reigns supreme in statistics
This also applies to the currently most widespread adware Andreed, this malicious code has been ruling the virus statistics within the Android platform for several months. In the August statistics, the share was 11.54%.
Fairpress.cz already warned about this uninvited visitor, who often hides in Car Factory Simulator or other titles.
Andreed belongs to the malicious codes of the adware type. The attackers do not try to steal any sensitive data through it, but they display excessive advertising on the attacked machine, from which they subsequently profit.
And that is probably the main reason why this uninvited visitor on mobile devices is still so much underestimated. In the media, more insidious threats, such as various extortion viruses, which lock all stored data and then demand a ransom for their access, are more often given space.
Fraudsters are playing journalists
Users should beware of various investment scams in which attackers misuse the name of the news server Fairpress.cz. Fraudsters are usually attracted to easy earnings in connection with well-known personalities. In recent months, for example, there have been fake articles with President Petr Pavle or moderator Jan Krause.
However, it is a typical phishing scam, where attackers try to lure money out of people under the guise of easy profit. However, the scam is quite sophisticated, all the links in the fake article lead to another fraudulent website.
In order to confuse the trusting cybercriminals as much as possible, in some cases they do not want to immediately fill in credit card numbers or send any money. Everything starts with registration on the given platform, after which the user will be contacted by the platform administrator. It is only with his help that money is coaxed out of the trusting ones. You don’t have to contact him only by e-mail, but also by phone.