Community Leader
Jasper_The_Rasper
Posts: 1,095
Registered: ‎06-12-2013

New Android Trojan making the Asian rounds

Mobile malware tends to make news on a regular basis, most notably targeting Android. As Microsoft has learned with Windows, being the market share leader also means presenting the biggest target.

Russian virus researchers at Dr. Web are releasing new research around the latest volley from cyber-criminals, this one being dubbed "Android.Spy.40.origin". The Trojan is currently only prevalent in the southeast Asian geographic area, specifically in South Korea, where it's spread by means of unwanted SMS messages containing a link to an APK file.

Once the program is executed, Dr. Web explains that "the Trojan connects to a remote server from which it receives further instructions". These instructions include intercepting inbound messages and uploading them to the server (while also hiding them from the user), blocking outbound calls, sending a list of your contacts and apps to the server, removing and installing apps and sending text messages.

 

...

For now, the Trojan has not left the Asian region, but that is always subject to change, and the technology to escape detection can be exploited in other nefarious software in the future.

 

Full Story

 

One to watch out for.

Threat Researcher
CameronP
Posts: 35
Registered: ‎01-19-2012

Re: New Android Trojan making the Asian rounds

Thanks for posting this, Jasper!

 

Looks like we have a handful of samples of this threat as well. Nearly all of them are already detected and we were able to create a more reliable definition to better detect this threat and catch the rest.

----

ಠ_ಠ
DavidP1970
Posts: 3,231
Kudos: 1,651
Registered: ‎10-28-2012

Re: New Android Trojan making the Asian rounds

I have a question on this: my own admittedly ancient and outdated 'Droid has the setting to by default block all 3rd party sourced applications from being installed; only downloads directly from Google Play (Market on mine) are allowed unless I manually override it. Does this infection manage to work its way around this protection setting?



      




"If you don't learn something new every day, you need to pay more attention. I often get my daily learning here so grab a chair and stay a while!"
WSA-Complete (Beta Tester), Toshiba Satellite L305, Intel Pentium Dual CPU at 1.87 GHz, 3 GB RAM With Windows 7 (x86) (Yes it's old.. but it still usually works! : )
Threat Researcher
CameronP
Posts: 35
Registered: ‎01-19-2012

Re: New Android Trojan making the Asian rounds

No, David, it cannot. That functionality is a fundamental part of the Android OS. Unless the Market is what is asking to install an application, they're assumed to be from an "outside source" and that message will appear.
DavidP1970
Posts: 3,231
Kudos: 1,651
Registered: ‎10-28-2012

Re: New Android Trojan making the Asian rounds


CameronP wrote:
No, David, it cannot. That functionality is a fundamental part of the Android OS. Unless the Market is what is asking to install an application, they're assumed to be from an "outside source" and that message will appear.

Thanks! So the SMS spread of it really has a lot to do with users allowing it in regardless of what the OS tells them is safe. Of course those with Webroot installed won't have to worry so much anyway :smileyhappy:



      
