New Android Trojan found to be Stealing Data from YOUR Apps

Devesh Prabhu / March 3, 2018 / Android, Mobile, Phone, Security, Smartphones

There’s a new Trojan in town, and it may be stealing your personal data. It is theorized that this Android Trojan does so through messaging applications/clients.

 


Android Trojan: Trustlook

Security researchers from Trustlook, a cyber-security firm, detected this Android malware. Trustlook published a report on Monday describing the new Trojan, which is described as simple, with limited abilities.

 

Android Trojan: Infection, Execution, and Purpose

After infection, the Trojan attempts to modify “/system/etc/install-recovery.sh”. It does so to enable its own execution every time the infected applications are opened.

The primary purpose of this Trojan is to steal data from messaging applications. The stolen data is later uploaded to a remote server. The malware obtains the server’s IP address from a local configuration file.

 

Android Trojan: Infected Apps

  • BeeTalk
  • Coco
  • Facebook Messenger
  • Gruveo Magic Call
  • Line
  • Momo
  • Skype
  • TalkBox Voice Messenger
  • Telegram Messenger
  • Tencent WeChat
  • Twitter
  • Viber
  • Voxer Walkie Talkie Messenger
  • Weibo

Though the design is simple, its focus is on extracting instant messaging information, and this Android Trojan uses advanced evasion techniques.

As reported by Trustlook, the malware alters the configuration file and part of itself to avoid detection. This, in turn, makes it difficult for antivirus software to recognize the presence of the Trojan.

Dynamic analysis is evaded by the use of anti-emulator and debugger detection methods. The malware hides strings in its source code to prevent code reversal attempts.

The malware’s objective is stealing data. One possibility is that the creators are collecting sensitive data, such as private conversations, photos, and/or videos, that would later be used for blackmail.

It is not clear how the Trojan is being distributed. Trustlook researchers first spotted the malware inside Cloud Module, a Chinese app whose package name is “com.android.boxa”.

Given the Chinese name and the unavailability of Google’s Play Store in China, the malware is being spread through Android forums. It may even be spread through third-party Android app stores.
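For defenders, the two indicators named above (the “com.android.boxa” package and changes to “/system/etc/install-recovery.sh”) can be checked against data pulled from a device. The sketch below is an added example, not code from Trustlook or from this article; the function names are hypothetical, the sample data is constructed, and it assumes you have the output of `adb shell pm list packages` plus a known-good copy of the script from the device's stock firmware.

```python
"""Added triage example: check captured device data for the article's indicators."""
import difflib

SUSPECT_PACKAGE = "com.android.boxa"                   # package name given in the article
PERSISTENCE_PATH = "/system/etc/install-recovery.sh"   # file the article says is modified


def installed_packages(pm_output):
    """Parse `adb shell pm list packages` output ("package:<name>" per line)."""
    names = set()
    for line in pm_output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            names.add(line[len("package:"):])
    return names


def added_script_lines(baseline, current):
    """Return non-empty lines present in the device script but not in the baseline."""
    diff = difflib.ndiff(baseline.splitlines(), current.splitlines())
    return [d[2:] for d in diff if d.startswith("+ ") and d[2:].strip()]


def triage(pm_output, baseline_script, device_script):
    """Collect findings for both indicators; an empty list means neither was seen."""
    findings = []
    # Exact match on the package name, so similarly named packages are not flagged.
    if SUSPECT_PACKAGE in installed_packages(pm_output):
        findings.append(f"package installed: {SUSPECT_PACKAGE}")
    # Any line that the stock image does not contain deserves a manual look.
    for line in added_script_lines(baseline_script, device_script):
        findings.append(f"{PERSISTENCE_PATH}: line not in stock image: {line!r}")
    return findings


# Constructed sample data (not taken from a real device or from the malware).
SAMPLE_PM = "package:com.android.settings\npackage:com.android.boxa\n"
SAMPLE_BASELINE = "#!/system/bin/sh\n# stock script (constructed)\n"
SAMPLE_DEVICE = SAMPLE_BASELINE + "/system/bin/placeholder_binary &\n"

if __name__ == "__main__":
    for finding in triage(SAMPLE_PM, SAMPLE_BASELINE, SAMPLE_DEVICE):
        print(finding)
```
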

 

 

 


[Note: The article "New Android Trojan found to be Stealing Data from YOUR Apps" first appeared on https://deveshprabhu.in, a different take on things related to #Tech, #Smartphones, #Tablets, #Electronics, and other #Technology related #NEWS in general.]

 
