[guardian-dev] Fwd: [tor-talk] Orbot built-into new Android malware

Steve Wyshywaniuk steve at smallworldnews.tv
Tue Feb 25 17:20:22 EST 2014


Sounds like you're saying this is a *thing that makes you go hmmmm*....


On Tue, Feb 25, 2014 at 2:15 PM, Lee Azzarello <lee at guardianproject.info> wrote:

> Is there an infosec jargon file for C & C? I only know of it as the band
> C & C Music Factory. Or is it just Command and Control?
>
> -lee
>
> On 2/25/14, 3:47 PM, Nathan of Guardian wrote:
> >
> >
> >
> > -------- Original Message --------
> > Subject: [tor-talk] Orbot built-into new Android malware
> > Date: Mon, 24 Feb 2014 20:11:26 -0500
> > From: Nathan Freitas <nathan at freitas.net>
> > Reply-To: tor-talk at lists.torproject.org
> > To: tor-talk at lists.torproject.org
> >
> >
> > The screenshot on this page shows that they've included the Orbot source
> > itself right into the app. +1 for open-source, -1 for sneaky malware
> > using .Onion C&C's.
> >
> >
> http://www.securelist.com/ru/blog/207769023/Pervyy_TOR_troyanets_pod_Android
> >
> > (google translation below)
> >
> > The first Tor Trojan for Android
> > Roman Unuchek
> > Expert, Kaspersky Lab
> > published February 24, 2014, 13:09 MSK
> > Topics: Threats to mobile devices, Google Android
> >
> >
> > Virus writers creating Android Trojans have traditionally used the
> > functionality of Windows malware as their model. Now another "trick"
> > of Windows Trojans has been implemented on Android: we have found the
> > first Android Trojan that uses a domain in the .onion pseudo-zone as
> > its C&C. The Trojan thus uses the anonymous Tor network, which is built
> > on a network of proxy servers. Besides providing anonymity for users,
> > Tor allows "anonymous" sites to be hosted in the .onion pseudo-zone,
> > reachable only over Tor.
> >
> >
> >
> > Backdoor.AndroidOS.Torec.a is a modification of the popular Tor client
> > Orbot. The attackers added their own code to this application; the
> > Trojan does not impersonate Orbot, it simply uses the client's
> > functionality.
> >
> >
> >
> > The Trojan can receive the following commands from the C&C:
> >
> >
> >
> > start / stop intercepting incoming SMS
> > start / stop stealing incoming SMS
> > make a USSD request
> > send data about the phone to the C&C (phone number, country, IMEI,
> > model, OS version)
> > send the list of applications installed on the device to the C&C
> > send an SMS to the number specified in the command
> >
> > Using Tor has its pros and cons for the attackers. Among the advantages:
> > such a C&C cannot be shut down. Among the disadvantages: the additional
> > code it requires. For Backdoor.AndroidOS.Torec.a to be able to use Tor
> > took far more code than its own functionality needed.
> >
>
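The Kaspersky write-up quoted above describes a Trojan that reaches its C&C over a .onion address by carrying the Orbot/Tor code inside the APK. As an added example (not code from this thread, from Guardian Project, or from Kaspersky), here is a small Python static-triage script that checks an APK for exactly that combination: hidden-service hostnames among its strings, and Orbot/tor artefacts alongside them. The markers it looks for (the org.torproject.android package name in the DEX string table, a tor binary under assets/, res/raw/ or lib/) and the sample APKs it builds are assumptions constructed for the example, not indicators extracted from the real sample.

```python
"""Static triage of an APK for bundled Tor code plus .onion C&C strings (added example)."""
import io
import re
import zipfile

# Indicator 1: strings that look like Tor hidden-service hostnames.
# 16-char v2 addresses (current in 2014) and 56-char v3 addresses, base32 alphabet.
# The lookarounds keep a longer base32 run (or a DEX length byte that happens to be
# a base32 character) from being mistaken for an address; this is a heuristic.
ONION_RE = re.compile(rb"(?<![a-z2-7])([a-z2-7]{16}|[a-z2-7]{56})\.onion(?![a-z0-9])")

# Indicator 2: artefacts of bundled Orbot / tor code. ASSUMED markers for the
# example: Orbot's Java package name as it appears in DEX class descriptors, and a
# native tor binary shipped as an asset, raw resource or native library.
ORBOT_PACKAGE_MARKERS = (b"org/torproject/android", b"org.torproject.android")
TOR_BINARY_ENTRY_RE = re.compile(r"^(assets|res/raw|lib/[^/]+)/(lib)?tor(\.[A-Za-z0-9]+)?$")


def _zip_entries(apk_bytes: bytes):
    """Yield (entry name, entry bytes) for every file in the APK (an APK is a zip)."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            yield info.filename, zf.read(info.filename)


def triage_apk(apk_bytes: bytes) -> dict:
    """Scan every entry for .onion hosts and Orbot/tor artefacts and combine them."""
    onion_hosts = set()
    orbot_markers = set()
    tor_binaries = []
    for name, blob in _zip_entries(apk_bytes):
        for m in ONION_RE.finditer(blob):
            onion_hosts.add(m.group(0).decode("ascii"))
        for marker in ORBOT_PACKAGE_MARKERS:
            if marker in blob:
                orbot_markers.add(marker.decode("ascii"))
        if TOR_BINARY_ENTRY_RE.match(name):
            tor_binaries.append(name)

    bundles_tor = bool(orbot_markers or tor_binaries)
    if onion_hosts and bundles_tor:
        verdict = "tor-c2-suspect"       # the Torec pattern: .onion host + its own Tor stack
    elif onion_hosts:
        verdict = "onion-strings-only"   # cannot reach .onion without Tor; still worth a look
    elif bundles_tor:
        verdict = "bundles-tor"          # could be a legitimate Orbot-integrated app
    else:
        verdict = "no-indicators"
    return {
        "onion_hosts": sorted(onion_hosts),
        "orbot_markers": sorted(orbot_markers),
        "tor_binaries": sorted(tor_binaries),
        "verdict": verdict,
    }


def build_sample_apk(kind: str) -> bytes:
    """Build a CONSTRUCTED, minimal APK-like zip for the example (not a real sample).

    kind: "torec-like" (Tor code + .onion C&C), "onion-only", "orbot-app", "clean"
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<constructed manifest>")
        dex = bytearray(b"dex\n035\x00")  # DEX magic, then fake string-table entries
        if kind in ("torec-like", "orbot-app"):
            dex += b"\x2cLorg/torproject/android/service/TorService;\x00"
            zf.writestr("res/raw/tor", b"\x7fELF" + b"\x00" * 16)  # stub tor binary
        if kind in ("torec-like", "onion-only"):
            # Constructed 16-char v2 address; not a real hidden service.
            dex += b"\x26http://c2examplev3x4y5z.onion/gate.php\x00"
        zf.writestr("classes.dex", bytes(dex))
    return buf.getvalue()


if __name__ == "__main__":
    for kind in ("torec-like", "onion-only", "orbot-app", "clean"):
        print(kind, "->", triage_apk(build_sample_apk(kind)))
```

The point of combining the two indicators is the one the write-up makes: a .onion hostname alone is just a string, but a .onion hostname next to a bundled Tor stack in an app that is not Orbot is the shape of Torec. On a real APK the script is a first-pass filter, not a verdict; the string table of an obfuscated or packed sample may carry the address encoded, and a legitimately Orbot-integrated app will trip the "bundles-tor" branch.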