[guardian-dev] Fwd: [tor-talk] Orbot built-into new Android malware

Lee Azzarello lee at guardianproject.info
Tue Feb 25 17:15:14 EST 2014

Is there a infosec jargon file for C & C? I only know of it as the band
C & C Music Factory. Or is it just Command and Control?


On 2/25/14, 3:47 PM, Nathan of Guardian wrote:
> -------- Original Message --------
> Subject: [tor-talk] Orbot built-into new Android malware
> Date: Mon, 24 Feb 2014 20:11:26 -0500
> From: Nathan Freitas <nathan at freitas.net>
> Reply-To: tor-talk at lists.torproject.org
> To: tor-talk at lists.torproject.org
> The screenshot on this page shows that they've included the Orbot source
> itself right into the app. +1 for open-source, -1 for sneaky malware
> using .Onion C&C's.
> http://www.securelist.com/ru/blog/207769023/Pervyy_TOR_troyanets_pod_Android
> (google translation below)
> TOR First Trojan for Android
> Roman Unuchek
> Expert "Kaspersky Lab"
> published February 24, 2014, 13:09 MSK
> Topics: Threats to mobile devices , Google Android
> 0.1
> Virus writers are creating Android-Trojans, traditionally used as a
> sample functional Windows malware. Now, another "trick» Windows Trojan
> malware is implemented under Android: we found the first Android-Trojan,
> who as a C & C uses the domain of pseudo-zone. Onion. Thus, the Trojan
> uses the anonymous network Tor, built on a network of proxy servers. In
> addition to providing user anonymity, Tor allows you to post in the
> blast zone. Onion «anonymous» sites accessible only to Tor.
> Backdoor.AndroidOS.Torec.a is a variation of the popular Tor-client
> Orbot. Attackers have added your code in this application, the Trojan
> does not impersonating Orbot, it simply uses the functionality of the
> client.
> Trojan can get to the C & C the following commands:
> start / stop intercepting incoming SMS
> start / stop the theft of incoming SMS
> make USSD request
> send to C & C data on the phone (the phone number, country, IMEI, model,
> version of OS)
> send to C & C list of installed applications on your mobile device
> send SMS to the number specified in the command
> Using TOR has to intruders its pros and cons. Among the advantages that
> such a C & C can not be closed. The disadvantages include the need for
> it is worth the additional code. To Backdoor.AndroidOS.Torec.a could use
> Tor, it took much more code than for its own functionality.

More information about the Guardian-dev mailing list