Android Trojan Steals Info from Messenger, Skype, Twitter & More

Mel Khamlichi
Founder of Osradar, from Amsterdam Netherlands

Android is the most popular operating system for smart devices. Because Android is open-source, powerful and flexible, smartphone manufacturers always choose it as their devices’ OS. That immense popularity also makes the Android system a target for hackers. Recently, a new Android Trojan was identified that extracts information from other apps such as Messenger, Twitter, Skype, WeChat, Viber, Line and others.

According to security researchers from Trustlook, the Trojan is quite simple in design but uses an advanced method to hide from the system and other defenses.

How the Android Trojan works

The Trojan sets up boot persistence so that it executes at every boot. First, the malware unpacks the malicious code from the app’s resources. Then it tries to modify a bash file at “/system/etc/install-recovery.sh”. If the modification succeeds, the malware runs at every boot.

Its next task is to extract data from the IM clients, the most popular of which are mentioned above. The complete list of vulnerable IM clients can be found here. After collecting the information, the malware sends the data to a remote server. The server’s IP address is loaded from a pre-configured file.

This malware was identified inside a Chinese app named “Cloud Module” (in Chinese). The package was named “com.android.boxa”.
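The two indicators described above (a modified “/system/etc/install-recovery.sh” and the package “com.android.boxa”) can be checked on artifacts pulled from a device. The following is an added example, not code from Trustlook or the original article; it assumes a stock script only runs `applypatch`, `log` and `exit`, and the sample script, placeholder paths and package list are constructed.

```python
import re

SUSPECT_PACKAGE = "com.android.boxa"  # package name given in the article
# Assumption: shell keywords and the only commands a stock AOSP-style script runs.
KEYWORDS = {"if", "then", "else", "elif", "fi", "!"}
ALLOWED_COMMANDS = {"applypatch", "log", "exit"}

def unexpected_commands(script_text):
    """Return (line_no, line) for each line that runs a non-allowlisted command."""
    findings = []
    for no, raw in enumerate(script_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Heuristic split on shell separators; separators inside quotes are not handled.
        for part in re.split(r"&&|\|\||[;&|]", line):
            words = part.split()
            while words and words[0] in KEYWORDS:
                words.pop(0)
            if words and words[0] not in ALLOWED_COMMANDS:
                findings.append((no, line))
                break
    return findings

def installed_packages(pm_output):
    """Parse `pm list packages` output ("package:<name>" per line)."""
    return {l.split(":", 1)[1].strip()
            for l in pm_output.splitlines() if l.startswith("package:")}

def triage(script_text, pm_output):
    return {
        "suspect_package": SUSPECT_PACKAGE in installed_packages(pm_output),
        "unexpected_commands": unexpected_commands(script_text),
    }

# Constructed samples: a simplified stock script and one with an appended launcher line.
STOCK_SCRIPT = """#!/system/bin/sh
if ! applypatch -c EMMC:<recovery-partition>; then
  applypatch EMMC:<boot-partition> EMMC:<recovery-partition> && log -t recovery "succeeded" || log -t recovery "failed"
else
  log -t recovery "Recovery image already installed"
fi
"""
MODIFIED_SCRIPT = STOCK_SCRIPT + "/system/bin/<appended-binary> &\n"
PM_OUTPUT = "package:com.android.chrome\npackage:com.android.boxa\n"

if __name__ == "__main__":
    print(triage(MODIFIED_SCRIPT, PM_OUTPUT))
```

Rooting tools are also known to edit this script, so a finding here calls for a closer look at the flagged line rather than a verdict by itself.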

Evasion techniques

According to the Trustlook researchers, despite the Android Trojan’s simple workflow (running persistently, extracting info and uploading it to a remote server), it is quite efficient at hiding itself. For example, it implements anti-emulator and debugger detection, which lets it avoid dynamic analysis. Moreover, it hides strings inside its source code to thwart lackadaisical code reversing.

The workflow suggests that the attacker is collecting personal information (chats, images or videos) to use later in extortion or blackmail attempts against high-profile victims. The researchers didn’t share any information on how the malware spreads. However, as there’s no Play Store in China, the culprits are most likely spreading the malware via 3rd-party app stores and Android app forums.

There have also been cases of Chinese vendors shipping Android smartphones with a built-in Trojan. Learn more about the pre-installed Trojan on the Android smartphones.
