
Trojan Distributed As Android Market Security Update

Discussion in 'Security Updates' started by starbuck, Mar 10, 2011.

    Chinese hackers are distributing a mobile trojan to users as a repackaged version of the Android Market security update released by Google last week.

    Repackaging legit Android apps with trojans is becoming a common propagation method for mobile malware targeting Google's operating system.

    The trend began in Russia, where the motivation behind the malicious programs was to steal credit by silently sending text messages to premium rate numbers.

    Then it moved to China where more sophisticated Android malware variants were caught performing click fraud or displaying botnet-like capabilities.

    The problem reached a global audience when over 50 apps were rigged with a trojan and published on the Android Market under different names.

    Google took them down last week shortly after being notified and used the remote uninstall feature to remove the trojan from infected devices.

    However, the malware also used a public exploit to root the device before installing itself, so the company also pushed an over-the-air update called "Android Market Security Tool" to undo it.

    Security researchers from F-Secure and Symantec now warn that Chinese hackers have ironically repackaged this security tool with a new trojan dubbed Android.Bgserv.

    Like most Android malware, Bgserv sends device identification codes (IMEI) to a remote server and can receive commands.

    According to Symantec, it can be ordered to send SMS messages to a number specified by attackers, which means it can theoretically be used to steal credit.

    "Analysis of the application is still ongoing, however, what is shocking is that the threat’s code seems to be based on a project hosted on Google Code and licensed under the Apache License," the Symantec experts write.

    The trojanized app is distributed from unregulated market places, which are common in China where there is no official Android Market.

    "This malware appears to be specific to a mainland Chinese network, as it contacts the number 10086 (related to China Mobile Net) and uses the new APN with the name 'cmnet' inserted in the APN list," note security researchers from F-Secure.


    Source:
    http://news.softpedia.com/news/Trojan-Distributed-as-Android-Market-Security-Update-188831.shtml
     
