Friday, March 4, 2016

Detect Trojan that attacks the brain of Android phones – TI Journal

smartphones running on Android 4.4.4. and earlier versions of this operating system are most at risk of infection have.

TI Journal 03/03/16 19:53:42

Kaspersky Lab has discovered Triada, a new Trojan targeting Android devices comparable, because of its complexity, with the Windows-based malware. According to the security firm, malware is stealthy, modular, persistent and created by highly professional cybercriminals. Devices running Android version 4.4.4. and earlier are those most at risk of infection.

According to the latest report Mobile Virusology Kaspersky Lab, almost half of the Top 20 of the Trojans 2015 were malicious programs ability to steal access rights root, ie, that give cybercriminals the ability to install applications on the phone without the user’s knowledge. This type of malware is spread via applications that users downloaded / installed from untrusted sources. Other times, these applications can be found on the official Google Play store and passed by a game or entertainment application. They can also be installed during the upgrade applications, even those that are preinstalled on the mobile device.

There are 11 families of known mobile Trojans using root privileges. Three of them – Ztorg, Gorpo and Leech – acting in cooperation with others. Normally these Trojans infected devices are organized into a network, creating a network of bots advertising that agents can use to install different types of adware. But that’s not all, shortly after rooting the device, the Trojan downloads and installs a backdoor. This download active two modules that have the ability to download, install and run applications.

The application loader and installation modules refer to different types of Trojans, but they were added to the bases antivirus Kaspersky Lab under a common name data -. Triada

Enter the process Android

a distinctive feature of this malware is the use of zygote – the creator of process applications on an Android device – containing system libraries and frameworks used by each application installed on the device. In other words, it is a “demon” whose goal is to launch Android applications and this means that as soon as the Trojan enters the system, it becomes part of the application process and can even change the logic of all operations .

The benefits of this malware are very advanced. After entering the user’s device, Triada is implemented in almost all work processes and remains in short term memory. This makes it almost impossible to detect and remove. Triada operates silently, which means that all malicious activities are hidden both from the user and from other applications.

Because of the complexity of the functionality of the Trojan is evident that cybercriminals behind this malware they are very professional, with a deep knowledge of the mobile platform.

the business model Triada

Triada can modify outgoing SMS messages sent by other applications . When a user is shopping on the application via SMS for Android games, the ciberdefraudadores modify outgoing SMS to receive the money them.

“The Triad Ztrog, Gorpo and Leech marks a new stage in the evolution of Android-based threats. They are the first malicious programs with potential to escalate their privileges to almost all devices. Most users attacked by Trojans is in Russia, India and Ukraine, as well as countries in APAC. Its main threat is that it provides access to more advanced and dangerous malware. They also have a well-thought architecture, developed by cybercriminals who have a deep knowledge of the mobile platform destination, “says Nikita Buchka, junior malware analyst at Kaspersky Lab.

Since it is almost impossible to uninstall this malware from a device, users have two options to get rid of it. The first is to root the device and delete malicious applications manually. The second option is to jailbreak the Android system on the device

Image. Bloomua via Shutterstock

LikeTweet

No comments:

Post a Comment