Friday, April 1, 2016

New Android-Trojan spreads via GPS – Ferra

The company “Doctor Web” has told about a new danger to users of mobile devices based on Android. They found Android-Trojan, which is to spread exploits a vulnerability in one of the responsible for the work with GPS Android operating system components

Trojan masquerades Android.GPStrack.1.origin in applications under the program directory, use GPS, such as navigators, map services, application delivery services of goods and food. This allows the user to request access to GPS-tracker data without arousing suspicion.

After installing Android.GPStrack.1.origin refers to the standard component android.location.LocationManager operating system intended for GPS subsystem interact with the device. This component is used in their work getLastKnownLocation method. If GPS-tracker application returns a specific geographic location, allows you to perform the specified function in the device memory of arbitrary code, referred to it as a parameter in the form of HEX-line. As a result, you can run it on the infected gadget any code. The vulnerability is relevant for all versions of the Android operating system starting from 4.1.

Android.GPStrack.1.origin sends to the management server information about the infected device, including its model, operating system version, as well as an identifier IMEI, then by malicious command downloads and installs on the system other malicious applications.

at the moment, there are more than two hundred values ​​of geographical coordinates that can trigger the Trojan. In particular, these coordinates are 53 ° 13’18 “with. w. 33 ° 26’03 “a. etc. -. if the user enables GPS-tracker in this geographical point, after installation of communication satellites would be infected his device



No comments:

Post a Comment