In February this year, the specialists of “Doctor Web»« set of “malicious applications for the Android operating system, has great potential, but in its” efficiency “that rivals desktop viruses. In particular, it is a Trojan that “Doctor Web” has appropriated the Scandinavian names – Android.Loki.1.origin, Android.Loki.2.origin and Android.Loki.3 respectively.
The first uses for downloading liblokih.so library that mobile Dr.Web determines how Android.Loki.6. In turn, the library is introduced into the system processes through the Trojan Android.Loki.3, then Android.Loki.1.origin receives the right to operate the system with the user system. This last is a service that can, for example, download from Google Play for any application using the special link forwarded to the account of a partner program. As a result, an attacker can get a steady income, and simultaneously remove any application on your smartphone neponravivshiesya victim, as well as to demonstrate the various notifications.
The second “friend» – Android.Loki.2.origin – is able to be installed on a mobile device, any application by a command from the management server and show the user ads. This Trojan can spy, sending its owner IMEI, IMSI, and mac-address of the infected smartphone, as well as complete information on iron and MCC / MNC-IDs. After sending the “secret” data to the management server, in response to receiving Android.Loki.2.origin configuration file needed it for further work. Thus, the “villain” gets the job and otherwise fouling on the infected device, such as advertising falls asleep, and transmits remote browser history, phone calls, contact lists and the current location of the smartphone.
There are Android.Loki.3, which introduces liblokih.so library in the system service process and allows system_server execute commands with root-rights. The last act of the other Trojan family Android.Loki, ie a third of Loki, in fact, acts as a server. Thus Trojan attackers transmit path to the script that you want to perform, and Android.Loki.3 runs this script. This leads to a natural question – how to deal with it all? “Doctor Web” offers only one way – to flash your smartphone using the original OS image. And, what can you do, because the Trojans embedded in the system folders, to which the anti-virus program does not have access.