Android Trojan Hides As A Video Player For Pornographic Movies
A security researchers observed that an Android trojan hides as a video player for pornographic movies and in order to avoid antivirus detection it uses a multi-stage installation process.
The Various antivirus makers detected the trojan under different names. The trojan is distributed from rogue websites that advertise pornographic content.
A malicious video player was downloaded and installed by users to view the adult movies, but once the malicious Android package is executed, it installs the other three apps on the device.
Three-Stage installation process used by the Trojan and once, when the user clicks these three second-stage apps, the crooks forcibly installing the third wave of apps. It was also advertised as adult-themed applications.
To make harder for the security companies to detect and piece back their attack routine, they split malicious behavior between different applications.
The Trojan provides the function of intercepting and sending SMS messages, so crooks used this app in order to subscribe users to various types of premium services.
The trojan intercepts it When these premium services send an SMS verification code to each victim. After that, the verification code is sent back to the sender, as a sign of authenticity.
Only in the first app, there is a requirement for the user to grant it permissions for sending SMS messages. This reduces the possibility of pornography-craving users of suspecting anything strange when installing the subsequent apps.
Zscaler researchers explain the process which these different apps use to talk to each other, and coordinate their malicious behavior.
"The application uses the concept of pending intents, which allows another application to use your application's permissions to execute a predefined piece of code,"
Only a few SIM operators in China was the target of this trojan, according to the researchers report. We can remove this app as other Android app because trojan does not include support for rooting the device.
Source: Softpedia
ليست هناك تعليقات:
إرسال تعليق