[guardian-dev] Fwd: [tor-talk] Orbot built-into new Android malware

Nathan of Guardian nathan at guardianproject.info
Tue Feb 25 08:47:32 EST 2014

-------- Original Message --------
Subject: [tor-talk] Orbot built-into new Android malware
Date: Mon, 24 Feb 2014 20:11:26 -0500
From: Nathan Freitas <nathan at freitas.net>
Reply-To: tor-talk at lists.torproject.org
To: tor-talk at lists.torproject.org

The screenshot on this page shows that they've included the Orbot source
itself right into the app. +1 for open-source, -1 for sneaky malware
using .Onion C&C's.


(google translation below)

The First Tor Trojan for Android
Roman Unuchek
Kaspersky Lab Expert
Published February 24, 2014, 13:09 MSK
Topics: Threats to mobile devices, Google Android

Virus writers creating Android Trojans have traditionally used the
functionality of Windows malware as a template. Now another "trick" of
Windows Trojans has been implemented in Android malware: we have found
the first Android Trojan that uses a domain in the .onion pseudo-zone as
its C&C. The Trojan thus uses the anonymous Tor network, which is built
on a network of proxy servers. In addition to providing user anonymity,
Tor allows "anonymous" sites, accessible only through Tor, to be hosted
in the .onion zone.

Backdoor.AndroidOS.Torec.a is a variation of the popular Tor client
Orbot. The attackers have added their code to this application; the
Trojan does not impersonate Orbot, it simply uses the functionality of the

The Trojan can receive the following commands from the C&C:

- start / stop intercepting incoming SMS
- start / stop the theft of incoming SMS
- make a USSD request
- send data on the phone (the phone number, country, IMEI, model,
  version of OS) to the C&C
- send a list of the applications installed on the mobile device to
  the C&C
- send an SMS to the number specified in the command

Using Tor has its pros and cons for the attackers. Among the advantages
is that such a C&C cannot be shut down. The disadvantages include the
need for additional code. For Backdoor.AndroidOS.Torec.a to be able to
use Tor, it took much more code than its own functionality required.
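
A static triage heuristic built from the behaviour described above, as an added example that is not part of the original message or the Kaspersky article: it flags an app that bundles Orbot's classes and also requests the Android permissions the listed commands would need. The permission mapping, the assumption that bundled Orbot code keeps its `org.torproject.` class namespace, and every sample app summary are constructed for illustration.

```python
# Added triage heuristic; input is a pre-extracted summary of each APK
# (package name, requested permissions, class names). Sample data is constructed.
ORBOT_PACKAGE = "org.torproject.android"   # Orbot's own package name
TOR_CLASS_PREFIX = "org.torproject."       # assumption: bundled code keeps this namespace

# Assumed mapping: permissions the commands listed in the article would require.
COMMAND_PERMISSIONS = {
    "android.permission.RECEIVE_SMS": "intercept / steal incoming SMS",
    "android.permission.SEND_SMS": "send SMS to a number given in a command",
    "android.permission.CALL_PHONE": "make a USSD request",
    "android.permission.READ_PHONE_STATE": "report phone number and IMEI",
}

def triage(app):
    """Return (verdict, reasons) for one app summary dict."""
    bundles_tor = any(c.startswith(TOR_CLASS_PREFIX) for c in app["classes"])
    hits = sorted(set(app["permissions"]) & set(COMMAND_PERMISSIONS))
    reasons = [f"{p} ({COMMAND_PERMISSIONS[p]})" for p in hits]
    if bundles_tor and hits:
        # Tor client code plus SMS/telephony access matches the described profile.
        return "flag", reasons
    if bundles_tor and app["package"] != ORBOT_PACKAGE:
        # Embedding a Tor client is not malicious by itself, but is worth a look.
        return "review", ["Tor client code bundled under a different package name"]
    return "ok", reasons

INTERNET = "android.permission.INTERNET"
TOR_SERVICE = "org.torproject.android.service.TorService"
SAMPLES = [  # constructed app summaries
    {"package": "org.torproject.android", "classes": [TOR_SERVICE],
     "permissions": [INTERNET, "android.permission.RECEIVE_BOOT_COMPLETED"]},
    {"package": "com.example.updater",
     "classes": ["com.example.updater.Main", TOR_SERVICE],
     "permissions": [INTERNET, *COMMAND_PERMISSIONS]},
    {"package": "com.example.reader",
     "classes": ["com.example.reader.App", TOR_SERVICE],
     "permissions": [INTERNET]},
    {"package": "com.example.sms", "classes": ["com.example.sms.Inbox"],
     "permissions": ["android.permission.RECEIVE_SMS", "android.permission.SEND_SMS"]},
]

def run(samples=SAMPLES):
    """Map each sample package to its verdict."""
    return {a["package"]: triage(a)[0] for a in samples}

if __name__ == "__main__":
    for a in SAMPLES:
        print(a["package"], *triage(a))
```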