
How much evil can be swallowed?

A new Trojan has been discovered. It is well hidden in heavily encrypted and complicated code, and if that's not enough, it exploits a few loopholes in the operating system and becomes impossible to remove! So what can be done?

Android users, beware! A new Trojan horse, worse than all its predecessors put together, is starting to circulate on Android devices.
Although it is still not particularly common, there are already dozens of warnings, so we will probably run into it again. Unfortunately.

The new Trojan can cause quite a bit of trouble: it can send expensive SMS messages to premium services, download and install other spyware on the infected device or transfer it to other devices over Bluetooth, and execute various commands given remotely.
OK, so far it sounds like a regular evil Trojan, so why do we think it is particularly nasty? The reason lies in the code. Usually, the hackers who write spyware manipulate their code to obstruct the anti-malware companies that try to destroy it. In this case, the code is built to be horribly complicated, which makes a lot of trouble for those who try to fight the spyware.
That's not all. The hackers also found a loophole in an Android operating system file called AndroidManifest.xml. This file exists in every Android app and is used to define necessary parameters such as the structure of the application, the parameters applied at runtime, and more.
The Trojan changes that file in a way that still lets the applications load, even though the file does not conform to Google's standards, which makes anti-malware engineers' lives very difficult, especially when trying to run dynamic analysis.
By exploiting another loophole in Google's operating system, the hackers can obtain advanced device management privileges for installed malicious applications, without those applications appearing in the list of apps holding those permissions. As a result, it is almost impossible to detect and delete these malicious applications.
And if that's not enough, the Trojan has no application interface, so it operates entirely in the background of the operating system: another recipe for real trouble, especially if you are trying to locate it.
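
The traits described above (premium SMS, Bluetooth use, device management privileges, no visible interface, a manifest that standard tooling rejects) can be checked when triaging an app. The following is an added example, not code from the original article or from any vendor's tooling; it assumes the manifest has already been decoded to text XML, and the sample manifest, package name and finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed sample: a decoded manifest showing the traits described above.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.BLUETOOTH"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <service android:name=".BackgroundService"/>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return a sorted list of findings for one decoded AndroidManifest.xml."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        # A manifest that a standard parser rejects is itself worth a closer look.
        return ["manifest-not-parseable"]
    findings = set()
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    if "android.permission.SEND_SMS" in perms:
        findings.add("can-send-sms")
    if perms & {"android.permission.BLUETOOTH", "android.permission.BLUETOOTH_ADMIN"}:
        findings.add("uses-bluetooth")
    for receiver in root.iter("receiver"):
        # Device admin receivers must be protected by BIND_DEVICE_ADMIN.
        if receiver.get(A + "permission") == "android.permission.BIND_DEVICE_ADMIN":
            findings.add("requests-device-admin")
    categories = {c.get(A + "name") for c in root.iter("category")}
    if "android.intent.category.LAUNCHER" not in categories:
        # No launcher entry means no icon: the app runs only in the background.
        findings.add("no-launcher-activity")
    return sorted(findings)
```

No single finding is conclusive, since legitimate apps also send SMS or act as device administrators; the combination of device admin, SMS and no launcher icon is what warrants a manual review.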

What can you do? First, do not give management permission to applications that you do not know and that you did not just download. As mentioned, once you give this malicious application management rights, it cannot be deleted, so this basic precaution is essential.
In addition, you will notice that this Trojan horse looks more like the ones circulating on the Windows operating system and less like those distributed on Android. The conclusion is that hackers are becoming more sophisticated and more sinister, and that Android users have to be more careful. This is always true, but now more than ever.