New Malware taking control of Android Devices

If your device runs Google's Android operating system and you have rooted it (that is, modified its software so you can install components and apps that Android does not normally allow), beware of installing some Android apps that may turn your phone or tablet into a zombie.

Security vendor Trend Micro said the library file in such apps, detected as ANDROIDOS_BOTPANDA.A, will connect to command-and-control (C&C) servers.

"(W)hen executed, (the library file in the app) renders the infected device as a zombie device that connects to specific command and control (C&C) servers. What is also noteworthy about this file is that it hides its routines in the dynamic library, making it difficult to analyze," said Trend Micro.

Put simply, the malware takes control of the device and uses it for purposes chosen by the malware's makers.

Trend Micro added:

"This malware also runs specifically on rooted devices, thus it is likely that this may spread through third-party app stores."

It said ANDROIDOS_BOTPANDA.A is another reason why users should be cautious in downloading apps, specifically those from third-party app stores. Trend Micro said the malicious library "libvadgo" contained in ANDROIDOS_BOTPANDA.A was developed via the NDK (a toolset used by would-be Android developers in creating apps) and loaded using the Java Native Interface.
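Because the routines sit in a native library rather than in the Java code, a first triage step for a suspect app is to inventory the native libraries packaged in its APK. The following is an added example, not code from Trend Micro or from the original article; the file name libvadgo.so (the reported library name plus the usual .so suffix), the helper names and the sample APK are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumption: the library the article calls "libvadgo" is packaged as libvadgo.so.
KNOWN_BAD_LIBS = {"libvadgo.so"}
ELF_MAGIC = b"\x7fELF"


def triage_apk(apk_bytes):
    """Inventory native libraries in an APK and note which ones the dex code names."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        names = apk.namelist()
        # System.loadLibrary() arguments end up in the dex string tables.
        dex = b"".join(apk.read(n) for n in names
                       if n.startswith("classes") and n.endswith(".dex"))
        for name in names:
            parts = name.split("/")
            # Native code is packaged as lib/<abi>/<file>.so
            if len(parts) != 3 or parts[0] != "lib" or not parts[2].endswith(".so"):
                continue
            filename = parts[2]
            short = filename[3:-3] if filename.startswith("lib") else filename[:-3]
            findings.append({
                "path": name,
                "abi": parts[1],
                "is_elf": apk.read(name)[:4] == ELF_MAGIC,
                # Heuristic only: a byte search, not a full dex parse.
                "named_in_dex": bool(short) and short.encode() in dex,
                "known_bad": filename in KNOWN_BAD_LIBS,
            })
    return findings


def build_sample_apk():
    """Constructed sample: a tiny zip laid out like an APK, not a real app."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x05vadgo\x00")
        z.writestr("lib/armeabi/libvadgo.so", ELF_MAGIC + b"\x01\x01\x01" + b"\x00" * 9)
        z.writestr("lib/armeabi/libutil.so", ELF_MAGIC + b"\x01\x01\x01" + b"\x00" * 9)
        z.writestr("assets/readme.txt", b"constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_apk(build_sample_apk()):
        print(finding)
```

A library that is both present under lib/ and named in the dex strings is one the app actually loads, so it is the file to hand to native-code analysis first.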

Modus Operandi of the Malware:

According to Trend Micro, the malware checks for certain system files and replaces them to avoid detection. It also makes modifications such that the malware can be launched automatically.

What makes the malware dangerous is that it hides its malicious routines in the said dynamic library, making it hard to analyze.

"If more Android malware use this technique in the future, delivering analysis and solutions will prove to be challenging for security experts," it warned.

