Recently, two examples of malware were discovered on devices running Android. These downloader Trojans were found in the devices' firmware. They were coded with the ability to contact their C&C servers. With this functionality they are able to receive updates and patches, be directed on which apps to download for use in attacks against the host, and begin their operation when the individual device is turned on.
These Trojans were coded with the intent of getting users to download applications that generate revenue for the attackers. One of the two is the Android.Sprovider.7 Trojan, which was found on the Lenovo A319 and A6000 smartphones. The malware was coded to open websites in a browser, originate phone calls, and present overlays on top of applications. The other Trojan, Android.Downloader.473.origin, has been found on over 23 phones. This Trojan was also coded to pop up ads for other applications for the user to download.
The manufacturers have been made aware of the issues.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.