New Android Malware Stealing Data from Popular Messenger Apps
A new Android Trojan could be stealing your data through mobile instant messaging apps such as Facebook Messenger, Twitter, Skype and other IM clients. This malware was detected by security researchers from Trustlook, a cyber-security firm. A report published on Monday describes the new malware as less sophisticated than those discovered previously and as having limited capabilities.
The malware can effectively hide its configuration file and some of its modules to evade detection. Researchers noted that, after infecting the app, the malware tries to modify the “/system/etc/install-recovery.sh” file to enable its execution each time the app is opened.
It seems that the primary purpose of this malware is to steal data from messaging apps, which is later uploaded to a remote server. The trojan retrieves the IP of this server from a local configuration file.
Here’s the list of apps that could be affected by this malware:
- Facebook Messenger
- Skype
- Telegram Messenger
- Tencent WeChat
- Viber
- Voxer Walkie Talkie Messenger
- Gruveo Magic Call
- Line
- Coco
- BeeTalk
- TalkBox Voice Messenger
- Momo
Although it has a simple design and singular focus on extracting IM data, this malware uses some advanced evasion techniques.
According to Trustlook Labs, this Trojan obfuscates its configuration file and part of its modules to avoid detection, which makes it difficult for anti-virus software to spot its presence. It uses anti-emulator and debugger detection techniques to evade dynamic analysis and is capable of hiding strings inside its source code to prevent any code reversing attempts.
Since the Android Trojan has a single objective (to steal data), it is quite possible that its authors are trying to collect sensitive data from private conversations, images, and videos that could be used later for extortion. Though it is not clear how this malware gets distributed, Trustlook researchers spotted it inside a Chinese app named Cloud Module with the package name com.android.boxa.
Given that the malware has a Chinese name and that the Play Store is unavailable in China, the malware coders are probably spreading this infected app through links on Android app forums or third-party app stores.
How to Secure?
If you are running any third-party apps, you should uninstall them soon. Always use an anti-malware security app on your mobile devices.
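A device can also be checked for the two indicators this article names: the com.android.boxa package and changes to /system/etc/install-recovery.sh. The Python below is an added example, not Trustlook's code; it assumes the output of `adb shell pm list packages -f` and the contents of the device and stock scripts have already been collected, and all sample data in it is constructed.

```python
# Added example: triage for the two indicators named in the article.
IOC_PACKAGE = "com.android.boxa"                      # package name from the article
PERSISTENCE_FILE = "/system/etc/install-recovery.sh"  # file the article says is modified

def parse_pm_list(output):
    """Map package name -> APK path from `pm list packages [-f]` output."""
    packages = {}
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # With -f the form is package:<apk path>=<name>; the path itself may
        # contain '=', so split on the last one. Without -f the path is empty.
        path, _, name = line[len("package:"):].rpartition("=")
        packages[name] = path
    return packages

def added_lines(baseline, current):
    """Non-blank lines of the device script that the stock script lacks."""
    stock = {l.strip() for l in baseline.splitlines()}
    return [l.strip() for l in current.splitlines()
            if l.strip() and l.strip() not in stock]

def triage(pm_output, baseline_script, device_script):
    """Return human-readable findings; an empty list means neither indicator hit."""
    findings = []
    packages = parse_pm_list(pm_output)
    if IOC_PACKAGE in packages:
        findings.append(f"package {IOC_PACKAGE} installed at {packages[IOC_PACKAGE] or '?'}")
    for line in added_lines(baseline_script, device_script):
        findings.append(f"{PERSISTENCE_FILE}: non-stock line: {line}")
    return findings

# Constructed sample data (not captured from a real device or malware sample).
SAMPLE_PM = """\
package:/system/app/Settings/Settings.apk=com.android.settings
package:/data/app/~~Zm9v==/com.android.boxa-YmFy==/base.apk=com.android.boxa
"""
SAMPLE_BASELINE = "#!/system/bin/sh\n# stock content placeholder\n"
SAMPLE_DEVICE = SAMPLE_BASELINE + "/system/bin/PLACEHOLDER_ADDED_COMMAND &\n"

if __name__ == "__main__":
    for finding in triage(SAMPLE_PM, SAMPLE_BASELINE, SAMPLE_DEVICE):
        print(finding)
```

An empty result only rules out these two indicators, and the baseline should come from the stock firmware for the same build, since the script differs between vendors.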