Sunday, October 20, 2013

Another vulnerability in Android is used to hide the new trojan virus - Chronicle of world events

Another vulnerability in Android is used to hide the new trojan virus The company “Doctor Web” Announces the Trojans on the platform of Android, which is designed to steal confidential information in the South Korean people. In terms of functionality it resembles other malware, but during its development attackers used the vulnerability of the Android operating system in order to bypass anti trojan antivirus programs. This greatly increases the potential hazard to the owners of devices on Android. Today it is mainly distributed in South Korea, but in the future it is possible that various modifications thereof will start to appear in other countries.

Android.Spy.40.origin with unwanted SMS messages with links to the apk-file is distributed among the South Korean people. This method of spreading malicious programs for Android is the most popular among cybercriminals in Southeast Asia (primarily Japan and South Korea). After the user has installed and launched Android.Spy.40.origin, trojan requests access to the administrative features of mobile devices, and then deletes your shortcut from the main screen, secretly continuing his work.

Next malware connects to a remote server for further instructions. Android.Spy.40.origin, for example, is able to perform these actions:

– Interception of incoming SMS messages, and download them to a remote server (messages are hidden from the user).
– Barring of outgoing calls.
– Send to a server program list and the contacts list.
– Installing or removing a specific application, as specified in the received command.
– Sending SMS with the specified text to the number specified in the command.

malware poses a serious threat to the owners of Android-devices, because SMS messages, which it intercepts may include confidential information in the form of both personal and business correspondence, data, banking details, as well as one-time codes mTAN, designed to protect financial transactions. Moreover, the list of contacts obtained by cybercriminals can then be used to organize mass phishing attacks and SMS mailings.

Android.Spy.40.origin But the key feature is to avoid detection by antivirus programs exist, thanks to the use of vulnerability OS Android. To do this, hackers have made specific changes to the apk-file (apk-file is a standard zip-archive with a different extension).

In accordance with the specification of the format zip, archive header for each file it contains a field General purpose bit flag. Bit is set to zero in this field indicates zashyfrovanost files in the archive (password protection). Speaking in other words, despite the lack of a password, the archive will still be treated as protected.

See also: Malicious programs are most often attacked Android

Under normal circumstances, when you unpack this zip-file, you will be notified of the need to enter the password, but in the case of Android algorithm of such archives contains a bug that set the zero bit is ignored, so the custom installation. In contrast, the operating system that has the error, the various anti-virus software must correctly handle the field General purpose bit flag, assuming the file is not password protected and scanning it, even if the record of the malicious file in the apk is contained in the virus.

If you have found a mistake in the text, select it with the mouse and press Ctrl + Enter

No comments:

Post a Comment