Xiny: Yet Another Android Trojan

Xiny is not new malware for the community. This was first noted in March 2015 (Dr. Web, 2016). Since this time the malware has received an upgrade, initially to version .60 (Olenick, 2016). This also has been modified with version .61 and .62. This also attacks Google Play and Google Play Services. Version .62 was focussed on monitoring for any new application being launched (Arghire, 2016).

New & Improved

The best malware samples are coded in various ways to ensure this lasts as long as possible. In this end, the malware has the greatest opportunity to do the most damage. The new version has been coded to root the target device and secure the system’s privileges as needed (Olenick, 2016). This is not being done trickery, but with exploits.

Operations

These versions were improved, not only as how the infection occurs but also when it attacks. This waits patiently to jump into action when the user completes a predetermined, normal process in the system, e.g. activating the home screen, connecting the charger, or changing the network connection (Olenick, 2016). After this the malware connects with the malware’s C&C.

The malware was coded to copy the MAC address, OS version, mobile device model, and system language (Olenick, 2016). This also reports the IMEI and IMSI (Dr. Web, 2016). This can also display ads on the device.

Difficulty in Removing

To ensure this lasts as long as possible, the coders intended this to be difficult to remove. To extend life on the device, the coders made the malware apk files immutable with the files injected into the system apps.

In Closing…

This has been written to not only be a detriment for the device owner, but last longer than other malware samples. This has been coded to do this effectively.

References

Arghire, I. (2016). Xiny android trojans can infect system processes. Retrieved from http://www.securityweek.com/xiny-android-trojans-can-infect-system-processes

Bisson, D. (2016, September 26). Xiny android trojan evolves to root phones and infect system processes. Retrieved from https://www.grahamcluley.com/xiny-android-trojan-evolves-root-phones-infect-processes/

Dr. Web. (2016, September 21). Android.xiny trojans have learned how to infect system processes. Retrieved from https://news.drweb.com/show/?i=10211&lng=en&c=9

Olenick, D. (2016, September 27). Android.xiny trojan receives upgrade. Retrieved from http://www.scmagazine.com/androit-xiny-trojan-receives-upgrade/article/525008/

About the Author

Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.

Check back soon

Once posts are published, you’ll see them here.

Cybersecurity and Medical Devices

Cybersecurity and Linux SSH Servers

Cybersecurity and the Auto Industry

Cybersecurity and the Energy Sector

Cybersecurity and Costs

Cybersecurity and Electronic Health Records

Cybersecurity and IoMT

Cybersecurity and Obscurity

Cybersecurity and New Devices and Old Problems

Cybersecurity and the Diversity of Data

No tags yet.

Xiny: Yet Another Android Trojan

Featured Posts

Recent Posts

Archive

Search By Tags

Follow Us