In February this year, the specialists of “Doctor Web» found « set of “malicious applications for the Android operating system, has great potential, but in its” efficiency “that rivals desktop viruses. In particular, it is a Trojan that “Doctor Web” has appropriated the Scandinavian names – Android.Loki.1.origin, Android.Loki.2.origin and Android.Loki.3 respectively.
The first uses for downloading liblokih.so library that mobile Dr.Web determines how Android.Loki.6. In turn, the library is introduced into the system processes through the Trojan Android.Loki.3, then Android.Loki.1.origin receives the right to operate the system with the user system. This last is a service that can, for example, download from Google Play for any application using the special link forwarded to the account of a partner program. As a result, an attacker can get a steady income, and simultaneously remove any application on your smartphone neponravivshiesya victim, as well as to demonstrate the various notifications.
The second “friend» – Android.Loki.2.origin – is able to be installed on a mobile device, any application by a command from the management server and show the user ads. This Trojan can spy, sending its owner IMEI, IMSI, and mac-address of the infected smartphone, as well as complete information on iron and MCC / MNC-IDs. After sending the “secret” data to the management server, in response to receiving Android.Loki.2.origin configuration file needed it for further work. Thus, the “villain” gets the job and otherwise fouling on the infected device, such as advertising falls asleep, and transmits remote browser history, phone calls, contact lists and the current location of the smartphone.
There are
No comments:
Post a Comment