<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>android trojan Archives - Linux Windows and android Tutorials</title>
	<atom:link href="https://www.osradar.com/tag/android-trojan/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.osradar.com</link>
	<description>tutorials and news and Seurity</description>
	<lastBuildDate>Thu, 21 Jun 2018 20:43:23 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=5.8.13</generator>
	<item>
		<title>NEW! AIO Android Malware &#8211; MysteryBot</title>
		<link>https://www.osradar.com/new-aio-android-malware-mysterybot/</link>
					<comments>https://www.osradar.com/new-aio-android-malware-mysterybot/#respond</comments>
		
		<dc:creator><![CDATA[Mel]]></dc:creator>
		<pubDate>Sun, 17 Jun 2018 05:39:26 +0000</pubDate>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[android malware]]></category>
		<category><![CDATA[android trojan]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[mysterybot]]></category>
		<guid isPermaLink="false">https://www.osradar.com/?p=4184</guid>

					<description><![CDATA[<p>Android is the most popular operating system for smart gadgets. It’s open-source and packs such a huge power that all the major smart gadget vendors now use Android as their operating system for their devices. That’s why hackers also like to target this platform more than ever. Recently, a new malware is discovered that packs [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://www.osradar.com/new-aio-android-malware-mysterybot/">NEW! AIO Android Malware &#8211; MysteryBot</a> appeared first on <a rel="nofollow" href="https://www.osradar.com">Linux  Windows and android  Tutorials</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Android is the most popular operating system for smart gadgets. It’s open-source and packs such a huge power that all the major smart gadget vendors now use Android as their operating system for their devices. That’s why hackers also like to target this platform more than ever. Recently, a new malware is discovered that packs the power of 3 different malware types – Trojan, keylogger and a ransomware!</p>
<h2>The new malware – MysteryBot</h2>
<p>This new malware strain is still under development. However, it’s discovered recently by security researchers from ThreatFabric who happened to run across this new threat.</p>
<p>Security researchers said that the new malware seems to be related with the well-known malware strain LokiBot – a well-known Android banking Trojan.</p>
<p>According to the researchers of ThreatFabric, their code analysis of the new malware strain strongly suggests that there’re clear links between these two. It also clearly suggests that MysteryBot is based on LokiBot code.</p>
<p>Recent report on the new malware strain shows that the MysteryBot also communicates with the same C&amp;C server that LokiBot campaign used. This also suggests that both malware is the product of the same hacker(s) or group.</p>
<p>The reason behind the development of this new malware is unknown. However, it’s assumable that because the source code of LokiBot was leaked online, other cyber-criminal groups are already using the code. That’s why a new malware strain will more likely attract the underground market. However, according to the ThreatFabric security researchers, MysteryBot is not publicized in those forums as it’s still under development.</p>
<h2>MysteryBot operable on Android 7 and 8</h2>
<p>According to ThreatFabric, the new malware – MysteryBot is unique in many ways than other malware strains like LokiBot, Anubis II, CryEye, DiseaseBot etc.</p>
<p>For example, MysteryBot seems to be the first one that can reliably show “overlay screens” on Android 7 and 8. These overlay screens are efficient in stealing passwords on top of the legitimate apps. Because of security features, no malware ever succeeded in using a proper overlay screens on Android 7 (Nougat) and Android 8 (Oreo).</p>
<p>Now, MysteryBot is able to perfectly show the overlay screen on proper timing – when a user is using banking app. Thanks to the misuse of Android feature “Usage Access permission”, it indirectly leaks the information what app the user is currently using.</p>
<h2>Other components</h2>
<p>MysteryBot also comes up with other modules like the keylogger and a faulty ransomware module. Let’s talk about these two.</p>
<p>The keylogger is an advanced one – not available in the current Android market. Instead of taking screenshots what users are typing, this advanced keylogger directly captures the location of a touch gesture instead. Then, using the touch positions, the malware tries to guess the password string from the virtual keyboard. This module is still not active.</p>
<p>The faulty ransomware isn’t so well-coded. According to ThreatFabric, instead of encrypting files on the system, the module creates password-protected ZIP archives of those files. The password strength isn’t strong enough to protect the archives from brute-force attacks. Moreover, the passwords can easily be overwritten from the control panel when a new victim with the same ID syncs with the MysteryBot backend.</p>
<p><img loading="lazy" class="size-full wp-image-4185 aligncenter" src="https://www.osradar.com/wp-content/uploads/2018/06/mysterybot-control-panel.png" alt="" width="1497" height="683" srcset="https://www.osradar.com/wp-content/uploads/2018/06/mysterybot-control-panel.png 1497w, https://www.osradar.com/wp-content/uploads/2018/06/mysterybot-control-panel-300x137.png 300w, https://www.osradar.com/wp-content/uploads/2018/06/mysterybot-control-panel-768x350.png 768w, https://www.osradar.com/wp-content/uploads/2018/06/mysterybot-control-panel-1024x467.png 1024w, https://www.osradar.com/wp-content/uploads/2018/06/mysterybot-control-panel-696x318.png 696w, https://www.osradar.com/wp-content/uploads/2018/06/mysterybot-control-panel-1068x487.png 1068w, https://www.osradar.com/wp-content/uploads/2018/06/mysterybot-control-panel-921x420.png 921w" sizes="(max-width: 1497px) 100vw, 1497px" /></p>
<h2>How to stay secured</h2>
<p>There are lots of ways this malware can make into your phone. That’s why it’s strongly recommended that you don’t use apps from any unauthenticated sources, even from the Google Store. There are several apps in the wild that downloads several payloads from a server and if the dev wishes, the payloads are easy to swap with such powerful malware that can collect important information for them.</p>
<p>The post <a rel="nofollow" href="https://www.osradar.com/new-aio-android-malware-mysterybot/">NEW! AIO Android Malware &#8211; MysteryBot</a> appeared first on <a rel="nofollow" href="https://www.osradar.com">Linux  Windows and android  Tutorials</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.osradar.com/new-aio-android-malware-mysterybot/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Android Trojan Steals Info from Messenger, Skype, Twitter &#038; More</title>
		<link>https://www.osradar.com/android-trojan-steals-info-from-messenger-skype-twitter-more/</link>
					<comments>https://www.osradar.com/android-trojan-steals-info-from-messenger-skype-twitter-more/#respond</comments>
		
		<dc:creator><![CDATA[Mel]]></dc:creator>
		<pubDate>Thu, 05 Apr 2018 04:38:59 +0000</pubDate>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[android malware]]></category>
		<category><![CDATA[android trojan]]></category>
		<category><![CDATA[trojan]]></category>
		<guid isPermaLink="false">https://www.osradar.com/?p=2403</guid>

					<description><![CDATA[<p>Android is the most popular operating system for smart devices. As Android is open-source, powerful yet flexible, smartphone manufacturers always choose it as their devices’ OS. Due to the immense popularity, hackers also target Android system for hacking. Recently, a new Android Trojan was identified that extracts information from other apps like Messenger, Twitter, Skype, [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://www.osradar.com/android-trojan-steals-info-from-messenger-skype-twitter-more/">Android Trojan Steals Info from Messenger, Skype, Twitter &amp; More</a> appeared first on <a rel="nofollow" href="https://www.osradar.com">Linux  Windows and android  Tutorials</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Android is the most popular operating system for smart devices. As Android is open-source, powerful yet flexible, smartphone manufacturers always choose it as their devices’ OS. Due to the immense popularity, hackers also target Android system for hacking. Recently, a new Android Trojan was identified that extracts information from other apps like Messenger, Twitter, Skype, WeChat, Viber, Line etc.</p>
<p>According to security researchers from Trustlook, the Trojan is quite simple in design but uses an advanced method to hide from the system and other defenses.</p>
<h3>How the Android Trojan works</h3>
<p>The Trojan gains access to boot persistence and executes itself at every boot. At first, the malware unpacks the malicious code from the app’s resources. Then, it tries to modify a bash file at “/system/etc/install-recovery.sh”. If the modification is successful, it allows the malware to run at every boot.</p>
<p>Then, its task is to extract the data from the IM clients. The most popular ones are already mentioned above. The complete list of vulnerable IM clients can be found <a href="https://blog.trustlook.com/2018/04/02/a-trojan-with-hidden-malicious-code-steals-users-messenger-app-information/">here</a>. After collecting the information, the malware sends the data to a remote server. The server’s IP address is loaded from a pre-configured file.</p>
<p>This malware was identified inside a Chinese app named “Cloud Module” (in Chinese). The package was named “com.android.boxa”.</p>
<h3>Evasion techniques</h3>
<p>According to the researchers of Trustlook, despite simple workflow of the Android Trojan (running persistently, extracting info and uploading to remote server), it’s quite efficient in hiding itself. For example, it implements anti-emulator &amp; debugger detection that allows avoiding dynamic analysis. Moreover, it hides strings inside its source code for protection against thwart lackadaisical code reversing.</p>
<p>The method of workflow tells that the attacker is collecting personal information (chat, images or videos) for using later in extortion attempts or blackmailing from the high-profile victims. Researchers didn’t share any information how the malware spreads itself. However, as there’s no Play Store in China, the culprits are most likely spreading the malware via 3<sup>rd</sup>-party app stores and Android app forums.</p>
<p>There are also other attempts from Chinese vendors that shipped Android smartphones with built-in Trojan! <a href="https://www.osradar.com/pre-installed-malware-in-android/">Learn more about the pre-installed Trojan on the Android smartphones</a>.</p>
<p>The post <a rel="nofollow" href="https://www.osradar.com/android-trojan-steals-info-from-messenger-skype-twitter-more/">Android Trojan Steals Info from Messenger, Skype, Twitter &amp; More</a> appeared first on <a rel="nofollow" href="https://www.osradar.com">Linux  Windows and android  Tutorials</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.osradar.com/android-trojan-steals-info-from-messenger-skype-twitter-more/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Pre-installed Trojan in Android Smartphones</title>
		<link>https://www.osradar.com/pre-installed-malware-in-android/</link>
					<comments>https://www.osradar.com/pre-installed-malware-in-android/#respond</comments>
		
		<dc:creator><![CDATA[Mel]]></dc:creator>
		<pubDate>Tue, 06 Mar 2018 08:26:35 +0000</pubDate>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[android trojan]]></category>
		<category><![CDATA[dr. web]]></category>
		<category><![CDATA[trojan]]></category>
		<guid isPermaLink="false">https://www.osradar.com/?p=2087</guid>

					<description><![CDATA[<p>Recently, Android security provider company Dr. Web reported that a good number of the Android phone in the market come up with a pre-installed Trojan named “Android.Triada.231”. This Trojan is capable of stealing any information it needs. The company discovered the Trojan in mid-2017 and after an in-depth research, they found out that over 40 [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://www.osradar.com/pre-installed-malware-in-android/">Pre-installed Trojan in Android Smartphones</a> appeared first on <a rel="nofollow" href="https://www.osradar.com">Linux  Windows and android  Tutorials</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Recently, Android security provider company Dr. Web reported that a good number of the Android phone in the market come up with a pre-installed Trojan named “Android.Triada.231”. This Trojan is capable of stealing any information it needs.</p>
<p>The company discovered the Trojan in mid-2017 and after an in-depth research, they found out that over 40 smartphone models are affected by it. These phones are from the low-end category including devices from Umi, Cubot, Doogee &amp; Leagoo etc.</p>
<p>Dr. Web reported the issue to the companies and in one particular case, it was discovered that the culprit behind the Trojan was a partnership with a software developing company in Shanghai. The contract required the OEMs to pre-install one of their software in the operating system.</p>
<h3>How “Android.Triada.231” works</h3>
<p>This malware is extremely dangerous as it runs since the starting of the phone where there’re a few setup processes. This could lead to serious situations.</p>
<p>According to Dr. Web, the Trojan infect an important Android process named “Zygote”. This process launches all the apps in Android. Thus, once the Trojan is inside the module, it can get inside each and every application that runs on the system.</p>
<p>Thus, the Trojan obtains the ability to carry out any malicious activity without the user’s notice. It also cleverly downloads and launches additional software. The file “libandroid_runtime.so” is the home of “Android.Triada.231”, an important system library for the Android operating system. The main feature is, this Trojan isn’t distributed as an additional software and infects the system during manufacturing. The users who purchase the phone gets built-in Trojan in the way.</p>
<p>The number of possible infected devices can go even higher. However, the 40 designs are confirmed that those are compromised by the Trojan. There could be other phones having the same issue as well.</p>
<h3>How to stay secured</h3>
<p>This is not an easy process to remove the Trojan. The malware comes built-in; in other words, as system software. General antivirus and security apps can’t remove the Trojan even if that’s identified. Giving a system reset doesn’t work, as the system’s backup image is the source of the Trojan.</p>
<p>The best way to stay secure from this malware is to change the smartphone. If you’re an advanced user, you can try rooting the device and fix the problem with antivirus or install a custom ROM. The latest Galaxy S9 is also announced. <a href="https://www.osradar.com/galaxy-s9-announced-everything-know/">Learn more about Galaxy S9</a>.</p>
<p>Here’s the complete list of all the infected (confirmed) devices. Take quick actions if you own any of these.</p>
<ul>
<li>Leagoo M5</li>
<li>Leagoo M5 Plus</li>
<li>Leagoo M5 Edge</li>
<li>Leagoo M8</li>
<li>Leagoo M8 Pro</li>
<li>Leagoo Z5C</li>
<li>Leagoo T1 Plus</li>
<li>Leagoo Z3C</li>
<li>Leagoo Z1C</li>
<li>Leagoo M9</li>
<li>ARK Benefit M8</li>
<li>Zopo Speed 7 Plus</li>
<li>UHANS A101</li>
<li>Doogee X5 Max</li>
<li>Doogee X5 Max Pro</li>
<li>Doogee Shoot 1</li>
<li>Doogee Shoot 2</li>
<li>Tecno W2</li>
<li>Homtom HT16</li>
<li>Umi London</li>
<li>Kiano Elegance 5.1</li>
<li>iLife Fivo Lite</li>
<li>Mito A39</li>
<li>Vertex Impress InTouch 4G</li>
<li>Vertex Impress Genius</li>
<li>myPhone Hammer Energy</li>
<li>Advan S5E NXT</li>
<li>Advan S4Z</li>
<li>Advan i5E</li>
<li>STF AERIAL PLUS</li>
<li>STF JOY PRO</li>
<li>Tesla SP6.2</li>
<li>Cubot Rainbow</li>
<li>EXTREME 7</li>
<li>Haier T51</li>
<li>Cherry Mobile Flare S5</li>
<li>Cherry Mobile Flare J2S</li>
<li>Cherry Mobile Flare P1</li>
<li>NOA H6</li>
<li>Pelitt T1 PLUS</li>
<li>Prestigio Grace M5 LTE</li>
<li>BQ 5510</li>
</ul>
<p><span class="td_text_highlight_marker_blue td_text_highlight_marker">source: <a href="http://news.softpedia.com/news/android-phones-caught-selling-with-pre-installed-factory-malware-520058.shtml">Softpedia</a></span></p>
<p>The post <a rel="nofollow" href="https://www.osradar.com/pre-installed-malware-in-android/">Pre-installed Trojan in Android Smartphones</a> appeared first on <a rel="nofollow" href="https://www.osradar.com">Linux  Windows and android  Tutorials</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.osradar.com/pre-installed-malware-in-android/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
