Android Trojan Steals Data From Facebook Messenger, Skype, Other IM Clients

Haythem Elmir

Security researchers have found a new Android malware strain that has been designed to steal data from mobile instant messaging clients. This new trojan is quite simple in its design, researchers from cyber-security firm Trustlook said in a report published on Monday.

Trojan has only a handful of features

The trojan has only a few abilities. The first is to gain boot persistence by unpacking code from an infected app’s resources. The code will attempt to modify the « /system/etc/ » file, which, if successful, would allow the malware to execute on every boot.

Second, the malware can extract data from the following Android IM clients and later upload that data to a remote server. The malware retrieves the IP address of this server from a local configuration file.

Facebook Messenger
Voxer Walkie Talkie Messenger
Gruveo Magic Call
TalkBox Voice Messenger

Researchers spotted the malware inside a Chinese app named Cloud Module (in Chinese), with the package name

Simple features, but advanced evasion techniques

Trustlook researchers say that despite the singular focus on stealing IM data, the malware uses a few advanced evasion techniques. For example, the malware uses anti-emulator and debugger detection techniques to evade dynamic analysis, and also hides strings inside its source code to thwart lackadaisical code reversing attempts.
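The behaviours listed above (a boot hook under /system/etc/, a C2 address read from a local config file, IM-client data access, and emulator/debugger checks) are the kind of thing a static triage pass over an APK's recovered strings can surface before dynamic analysis is even attempted. The script below is an added example written for this post, not code from the article or from Trustlook's report. It assumes the analyst already has a string dump from the decompiled DEX; the Android API and property names it matches on are real, but the sample strings are constructed, Messenger's package id (com.facebook.orca) is the only real IM id used, and the other three clients are left as placeholders because their ids are not given on the page.

```python
import re

# Indicator tables keyed by the behaviours the article describes.
# Android API/property names are real; the IM list carries Messenger's
# well-known package id only, the other three clients are placeholders.
INDICATORS = {
    "persistence": ["/system/etc/"],                    # boot-time hook location from the report
    "evasion": ["isDebuggerConnected",                  # android.os.Debug.isDebuggerConnected()
                "Build.FINGERPRINT",                    # emulator builds carry generic fingerprints
                "goldfish",                             # emulator kernel name
                "ro.kernel.qemu"],                      # system property set to 1 on emulators
    "im_data": ["com.facebook.orca",                    # Facebook Messenger
                "<VOXER_PKG>", "<GRUVEO_PKG>", "<TALKBOX_PKG>"],  # placeholders, not real ids
}
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")        # hard-coded server address
CONFIG_HINT = re.compile(r"\.(?:cfg|conf|ini|json|properties)$")  # local config file names


def triage(strings):
    """Return {category: [matching strings]} for the strings recovered from one APK."""
    hits = {category: [] for category in INDICATORS}
    hits["c2"] = []
    for s in strings:
        for category, needles in INDICATORS.items():
            if any(needle in s for needle in needles):
                hits[category].append(s)
        # The report says the C2 IP is read from a config file, so either a
        # literal IPv4 address or a config-file name is worth flagging.
        if IPV4.search(s) or CONFIG_HINT.search(s):
            hits["c2"].append(s)
    return hits


def risk_level(hits):
    """Rate by how many distinct behaviour categories are present (out of four)."""
    present = sum(1 for matched in hits.values() if matched)
    if present >= 3:
        return "high"
    if present == 2:
        return "medium"
    return "low"


# Constructed sample strings standing in for a real string dump.
SAMPLE_STRINGS = [
    "Ljava/lang/String;",
    "/system/etc/example_hook",                 # constructed path under /system/etc/
    "android/os/Debug;->isDebuggerConnected",
    "goldfish",
    "/data/data/com.facebook.orca/databases/",
    "server.cfg",                               # constructed config file name
    "203.0.113.10",                             # constructed TEST-NET-3 address
]

if __name__ == "__main__":
    result = triage(SAMPLE_STRINGS)
    for category, matched in result.items():
        print(f"{category:12s} {matched}")
    print("risk:", risk_level(result))
```

The heuristic is deliberately coarse: a single hit in one category is weak evidence, since plenty of legitimate apps touch Build.FINGERPRINT or read a config file, which is why the rating only climbs when several of the report's behaviours co-occur in the same sample.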

It is unusual for Android malware to come with a single functionality, namely extracting and exfiltrating IM data. One theory for this design choice is that the attackers are collecting private conversations, images, and videos in an attempt to identify sensitive material that they could later leverage in extortion attempts, especially against high-profile victims.

Researchers have not shared any info on the malware’s distribution methods, but taking into account that the malware has a Chinese name and that there’s no Play Store in China, the malware’s authors may be distributing the malicious app via third-party stores and links on Android app forums.

To read the original article:

