[guardian-dev] Fwd: [tor-talk] Orbot built-into new Android malware
Lee Azzarello
lee at guardianproject.info
Tue Feb 25 17:15:14 EST 2014
Is there an infosec jargon file for C & C? I only know of it as the band
C & C Music Factory. Or is it just Command and Control?
-lee
On 2/25/14, 3:47 PM, Nathan of Guardian wrote:
>
>
>
> -------- Original Message --------
> Subject: [tor-talk] Orbot built-into new Android malware
> Date: Mon, 24 Feb 2014 20:11:26 -0500
> From: Nathan Freitas <nathan at freitas.net>
> Reply-To: tor-talk at lists.torproject.org
> To: tor-talk at lists.torproject.org
>
>
> The screenshot on this page shows that they've included the Orbot source
> itself right into the app. +1 for open-source, -1 for sneaky malware
> using .onion C&Cs.
>
> http://www.securelist.com/ru/blog/207769023/Pervyy_TOR_troyanets_pod_Android
>
> (google translation below)
>
> The First Tor Trojan for Android
> Roman Unuchek
> Expert, Kaspersky Lab
> published February 24, 2014, 13:09 MSK
> Topics: Threats to mobile devices, Google Android
>
>
> Virus writers creating Android Trojans have traditionally used functional
> Windows malware as their model. Now another "trick" of Windows Trojan
> malware has been implemented under Android: we found the first Android
> Trojan that uses a domain in the .onion pseudo-zone as its C&C. Thus, the
> Trojan uses the anonymous Tor network, built on a network of proxy servers.
> In addition to providing user anonymity, Tor allows "anonymous" sites to be
> hosted in the .onion pseudo-zone, accessible only via Tor.
>
>
>
> Backdoor.AndroidOS.Torec.a is a variation of the popular Tor client
> Orbot. The attackers added their own code to this application; the Trojan
> does not impersonate Orbot, it simply uses the functionality of the
> client.
>
>
>
> The Trojan can receive the following commands from the C&C:
>
>
>
> start/stop intercepting incoming SMS
> start/stop stealing incoming SMS
> make a USSD request
> send data about the phone to the C&C (phone number, country, IMEI, model,
> OS version)
> send the list of applications installed on the mobile device to the C&C
> send an SMS to the number specified in the command
>
> Using Tor has its pros and cons for the intruders. Among the advantages is
> that such a C&C cannot be closed. The disadvantages include the additional
> code it requires: for Backdoor.AndroidOS.Torec.a to be able to use Tor, it
> took much more code than for its own functionality.
>
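The combination the Kaspersky post describes (bundled Orbot/Tor code, a .onion C&C address, and SMS permissions) is something a triage script can flag. The following is an added example, not code from either mail or from Kaspersky: it reads a manifest's permissions and an extracted string table and reports the pattern. The marker identifiers, the placeholder package name and the .onion address are constructed assumptions, not indicators from the post.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# v2 onion hosts are 16 base32 chars, v3 hosts are 56; both use the a-z2-7 alphabet.
ONION_RE = re.compile(r"\b[a-z2-7]{16}(?:[a-z2-7]{40})?\.onion\b")
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS",
             "android.permission.SEND_SMS"}
# Assumption: identifiers a bundled Orbot/Tor component typically leaves in an APK.
TOR_MARKERS = ("org.torproject.android", "libtor")

def manifest_permissions(manifest_xml):
    """Return the set of <uses-permission> names declared in an AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}

def onion_hosts(strings):
    """Return the distinct .onion hostnames found in the string table, in order."""
    found = []
    for s in strings:
        for host in ONION_RE.findall(s):
            if host not in found:
                found.append(host)
    return found

def triage(manifest_xml, strings):
    """Report Tor markers, .onion hosts and SMS permissions; flag when all three co-occur."""
    perms = manifest_permissions(manifest_xml)
    report = {
        "onion_hosts": onion_hosts(strings),
        "sms_permissions": sorted(perms & SMS_PERMS),
        "tor_markers": sorted({m for m in TOR_MARKERS if any(m in s for s in strings)}),
    }
    report["suspicious"] = bool(report["onion_hosts"] and report["tor_markers"]
                                and report["sms_permissions"])
    return report

# Constructed sample input (not a real APK): a manifest and string table showing the pattern.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
  package="com.example.placeholder">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>"""
SAMPLE_STRINGS = [
    "org.torproject.android.service.TorService",
    "http://exampleexamplexx.onion/cmd",  # constructed v2-style address, not a real host
    "https://update.example.com/check",
]

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_STRINGS))
```

A legitimate Orbot build also carries the Tor markers, so the hit only means an app needs a closer look, not that it is malicious.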