New Mobile Malware for Android Discovered
Malware developers continually find new methods for infecting people's gadgets. Some of these methods are so effective that the resulting malware causes immense harm. A very recent group of malicious programs, discovered by Symantec, attacks Android devices used inside China. The malware family has been dubbed Android.Spywaller, softpedia.com reported on December 28, 2015.
Android.Spywaller is unique because, when it infects a device, it hunts for Qihoo 360, a security application widely used by Android users in China. When the malware hunts for it and registers its presence on the Android gadget, it uses the identical unique identifier (UID) that Qihoo 360 uses. After this, it plants the DroidWall binary, an edition of the UNIX iptables package customized for easy execution on Android gadgets.
iptables, a popular firewall utility, is a package designed for computers running Linux. DroidWall is the creation of Rodrigo Rosauro, an independent security investigator, who some time later sold the binary to AVAST, in 2011. For some years the application was available as open source, and because of that malware developers may still obtain it through GitHub repositories or Google Code.
As Android.Spywaller shows, DroidWall can also be used to lock security applications out so that they can't interact with their servers, which may be cloud-based e-threat analyzers. The security applications consequently become unusable, letting the malware run without any obstacle while the device becomes safely accessible to the criminals.
Symantec researchers explain that the spyware pretends to be a Google Services application and then utilizes an authentic security program, embedded on the device, to hijack other security software that could have defended the device. Victims are lured because authorized Google utilities such as Google Play aren't available inside China. The spyware then causes its damage by loading its payload, which contains the malicious program, into the gadget's memory.
The application, says Symantec, hunts for data that it exfiltrates. The data include GPS readings, SMS, call logs, e-mails, system browser information, contact lists, images and radio items. Moreover, the application even garners data from QQ, Coco, Oovoo, BlackBerry Messenger, Talkbox, Skype, SinaWeibo, Wechat, Voxer, TencentWeibo, Zello and WhatsApp.
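A defender can look for the firewall tampering described above by checking whether any per-UID iptables rule cuts off a security application. The following is an added example, not code from Symantec or the article; it assumes the text of `/data/system/packages.list` and the output of `iptables -S` have been collected from the device, and the package name, UIDs and chain name are constructed placeholders.

```python
import re

# Constructed sample of /data/system/packages.list (package name, UID, ...).
PACKAGES_LIST = """\
com.example.antivirus 10087 0 /data/data/com.example.antivirus default
com.example.browser 10042 0 /data/data/com.example.browser default
"""
# Constructed sample of `iptables -S` output; the chain name fw-block is made up.
IPTABLES_S = """\
-P OUTPUT ACCEPT
-N fw-block
-A OUTPUT -o wlan0 -m owner --uid-owner 10087 -j fw-block
-A OUTPUT -m owner --uid-owner 10042 -j ACCEPT
-A fw-block -j REJECT --reject-with icmp-port-unreachable
"""
WATCHLIST = {"com.example.antivirus"}  # placeholder for the security apps to protect
BLOCKING = {"DROP", "REJECT"}

def uid_map(packages_list):
    """Map UID -> package name from packages.list text."""
    fields = (line.split() for line in packages_list.splitlines())
    return {int(f[1]): f[0] for f in fields if len(f) >= 2 and f[1].isdigit()}

def blocking_chains(rules):
    """User-defined chains that contain an unconditional DROP/REJECT rule."""
    chains = set()
    for rule in rules:
        m = re.match(r"-A (\S+) -j (\S+)", rule)
        if m and m.group(2) in BLOCKING:
            chains.add(m.group(1))
    return chains

def find_blocked_apps(iptables_s, packages_list, watchlist):
    """Return (package, uid, rule) for owner-match rules that block a watched app."""
    rules = [l for l in iptables_s.splitlines() if l.startswith("-A ")]
    uids = uid_map(packages_list)
    blockers = BLOCKING | blocking_chains(rules)
    findings = []
    for rule in rules:
        # The lookbehind skips negated matches ("! --uid-owner N").
        uid = re.search(r"(?<!! )--uid-owner (\d+)", rule)
        target = re.search(r"-j (\S+)", rule)
        if not (uid and target) or target.group(1) not in blockers:
            continue
        pkg = uids.get(int(uid.group(1)))
        if pkg in watchlist:
            findings.append((pkg, int(uid.group(1)), rule))
    return findings
```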
» SPAMfighter News - 12/31/2015