[guardian-dev] Fwd: [tor-talk] Orbot built-into new Android malware
steve at smallworldnews.tv
Tue Feb 25 17:20:22 EST 2014
Sounds like you're saying this is a *thing that makes you go hmmmm*....
On Tue, Feb 25, 2014 at 2:15 PM, Lee Azzarello <lee at guardianproject.info> wrote:
> Is there an infosec jargon file for C & C? I only know of it as the band
> C & C Music Factory. Or is it just Command and Control?
> On 2/25/14, 3:47 PM, Nathan of Guardian wrote:
> > -------- Original Message --------
> > Subject: [tor-talk] Orbot built-into new Android malware
> > Date: Mon, 24 Feb 2014 20:11:26 -0500
> > From: Nathan Freitas <nathan at freitas.net>
> > Reply-To: tor-talk at lists.torproject.org
> > To: tor-talk at lists.torproject.org
> > The screenshot on this page shows that they've included the Orbot source
> > itself right into the app. +1 for open-source, -1 for sneaky malware
> > using .Onion C&C's.
> > (google translation below)
> > TOR First Trojan for Android
> > Roman Unuchek
> > Expert "Kaspersky Lab"
> > published February 24, 2014, 13:09 MSK
> > Topics: Threats to mobile devices, Google Android
> > Virus writers are creating Android-Trojans, traditionally used as a
> > sample functional Windows malware. Now, another "trick" Windows Trojan
> > malware is implemented under Android: we found the first Android-Trojan,
> > who as a C & C uses the domain of pseudo-zone .onion. Thus, the Trojan
> > uses the anonymous network Tor, built on a network of proxy servers. In
> > addition to providing user anonymity, Tor allows you to post in the
> > blast zone .onion "anonymous" sites accessible only to Tor.
> > Backdoor.AndroidOS.Torec.a is a variation of the popular Tor-client
> > Orbot. Attackers have added your code in this application, the Trojan
> > does not impersonating Orbot, it simply uses the functionality of the
> > client.
> > Trojan can get to the C & C the following commands:
> > start / stop intercepting incoming SMS
> > start / stop the theft of incoming SMS
> > make USSD request
> > send to C & C data on the phone (the phone number, country, IMEI, model,
> > version of OS)
> > send to C & C list of installed applications on your mobile device
> > send SMS to the number specified in the command
> > Using TOR has to intruders its pros and cons. Among the advantages that
> > such a C & C can not be closed. The disadvantages include the need for
> > it is worth the additional code. To Backdoor.AndroidOS.Torec.a could use
> > Tor, it took much more code than for its own functionality.
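As an added example (not part of the thread or of the quoted write-up), one way to triage a decoded AndroidManifest.xml for the combination described above: Tor client components shipped together with the permissions the listed commands would need. The permission mapping, the `org.torproject.` prefix check, the premise that a plain Tor client does not request SMS or telephony permissions, and all sample manifests are assumptions constructed for this sketch.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
TOR_PREFIX = "org.torproject."  # package prefix of Orbot's own classes
# Commands from the write-up -> permission each normally needs (example's mapping).
CAPABILITIES = {
    "intercept or steal incoming SMS": "android.permission.RECEIVE_SMS",
    "send SMS": "android.permission.SEND_SMS",
    "make USSD request": "android.permission.CALL_PHONE",
    "read phone number and IMEI": "android.permission.READ_PHONE_STATE",
}

def triage(manifest_xml):
    """Flag a decoded manifest that declares Tor client components and also
    requests SMS/telephony permissions a plain Tor client should not need."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    caps = sorted(c for c, p in CAPABILITIES.items() if p in perms)
    names = []
    for tag in ("activity", "service", "receiver", "provider"):
        for e in root.iter(tag):
            name = e.get(ANDROID + "name", "")
            # Relative names such as ".Main" resolve against the app package.
            names.append(package + name if name.startswith(".") else name)
    tor = sorted(n for n in names if n.startswith(TOR_PREFIX))
    return {"package": package, "embedded_tor": tor,
            "capabilities": caps, "flag": bool(tor and caps)}

def _manifest(package, perms, components):
    # Builds a constructed sample manifest; not taken from any real APK.
    p = "".join(f'<uses-permission android:name="android.permission.{x}"/>' for x in perms)
    c = "".join(f'<service android:name="{x}"/>' for x in components)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{p}<application>{c}</application></manifest>')

SAMPLES = {  # constructed inputs
    "tor client": _manifest("org.torproject.android", ["INTERNET"], [".service.TorService"]),
    "sms app": _manifest("com.example.sms", ["RECEIVE_SMS", "SEND_SMS"], [".Inbox"]),
    "repackaged": _manifest(
        "org.torproject.android",
        ["INTERNET", "RECEIVE_SMS", "SEND_SMS", "CALL_PHONE", "READ_PHONE_STATE"],
        [".service.TorService", "com.example.cmd.CmdService"]),
}

if __name__ == "__main__":
    for label, xml in SAMPLES.items():
        print(label, triage(xml))
```

The input is the text manifest produced by a decoder such as apktool, not the binary XML inside the APK. A hit is a reason for manual review, not a verdict.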