Xiny: Yet Another Android Trojan
Xiny is not new malware for the community. This was first noted in March 2015 (Dr. Web, 2016). Since this time the malware has received an upgrade, initially to version .60 (Olenick, 2016). This also has been modified with version .61 and .62. This also attacks Google Play and Google Play Services. Version .62 was focussed on monitoring for any new application being launched (Arghire, 2016).
New & Improved
The best malware samples are coded in various ways to ensure this lasts as long as possible. In this end, the malware has the greatest opportunity to do the most damage. The new version has been coded to root the target device and secure the system’s privileges as needed (Olenick, 2016). This is not being done trickery, but with exploits.
These versions were improved, not only as how the infection occurs but also when it attacks. This waits patiently to jump into action when the user completes a predetermined, normal process in the system, e.g. activating the home screen, connecting the charger, or changing the network connection (Olenick, 2016). After this the malware connects with the malware’s C&C.
The malware was coded to copy the MAC address, OS version, mobile device model, and system language (Olenick, 2016). This also reports the IMEI and IMSI (Dr. Web, 2016). This can also display ads on the device.
Difficulty in Removing
To ensure this lasts as long as possible, the coders intended this to be difficult to remove. To extend life on the device, the coders made the malware apk files immutable with the files injected into the system apps.
This has been written to not only be a detriment for the device owner, but last longer than other malware samples. This has been coded to do this effectively.
Arghire, I. (2016). Xiny android trojans can infect system processes. Retrieved from http://www.securityweek.com/xiny-android-trojans-can-infect-system-processes
Bisson, D. (2016, September 26). Xiny android trojan evolves to root phones and infect system processes. Retrieved from https://www.grahamcluley.com/xiny-android-trojan-evolves-root-phones-infect-processes/
Dr. Web. (2016, September 21). Android.xiny trojans have learned how to infect system processes. Retrieved from https://news.drweb.com/show/?i=10211&lng=en&c=9
Olenick, D. (2016, September 27). Android.xiny trojan receives upgrade. Retrieved from http://www.scmagazine.com/androit-xiny-trojan-receives-upgrade/article/525008/
About the Author
Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.