Doctor Web has reported the discovery of a new malicious program for the Android platform that can intercept incoming SMS messages and forward them to attackers. The Trojan, Android.Pincer.2.origin, poses a very serious threat to users, because the stolen messages may include verification and mTAN codes, which various financial systems such as "Client-Bank" use to confirm transactions, as well as other confidential user information.

The Trojan, detected by Doctor Web specialists a few days ago, is the second known member of the Android.Pincer family. Like its predecessor, the updated malware is distributed as a security certificate that supposedly must be installed on the Android mobile device. If an unwary user installs the Trojan and tries to run it, Android.Pincer.2.origin displays a false message reporting that the certificate was installed successfully, and then shows no noticeable activity for some time.

To start together with the operating system, the Trojan registers the system service CheckCommandServices, which subsequently runs as a background service. If it starts successfully the next time the mobile device is switched on, Android.Pincer.2.origin connects to a remote server and uploads to the attackers a set of information about the mobile device, including:
- the model name
- the serial number of the device
- the IMEI
- the name of the service provider
- the cell phone number
- the language used by default
- the version of the operating system
- whether root access is available
Next, the malicious program waits for a control SMS message from the attackers with text of the form "command: [command name]", which gives instructions for further action. The following commands are provided: intercept messages from a specified number; send an SMS with specified parameters; perform a USSD request; display a warning message on the mobile device; change the address of the control server; send an SMS with the text pong to a previously specified number; change the number to which the message with the text pong is sent. The command to intercept messages from a specified number allows the malware to be used as a tool for targeted attacks and for stealing specific SMS messages, for example messages from "Client-Bank" systems containing mTAN verification codes, or confidential SMS messages intended for the most varied categories of people, from ordinary users to corporate executives and government agencies.
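As an added example (not Doctor Web's code or tooling), the following sketch triages a decoded AndroidManifest.xml for the behaviour described above: the CheckCommandServices service, start at boot, and SMS interception and sending. The manifest, package name and receiver names are constructed for illustration and assume the app declares these features in the usual way; the Trojan's real manifest is not given in this report.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest. Package and receiver names are hypothetical;
# only the service name CheckCommandServices comes from the report.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.certificate">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <service android:name=".CheckCommandServices"/>
    <receiver android:name=".BootReceiver"><intent-filter>
      <action android:name="android.intent.action.BOOT_COMPLETED"/>
    </intent-filter></receiver>
    <receiver android:name=".SmsReceiver"><intent-filter>
      <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
    </intent-filter></receiver>
  </application>
</manifest>"""


def _names(root, tag):
    """Collect the android:name attribute of every <tag> element."""
    return {e.get(ANDROID + "name", "") for e in root.iter(tag)}


def triage_manifest(xml_text):
    """Return labels for the reported behaviours that the manifest declares."""
    root = ET.fromstring(xml_text)  # prefer defusedxml for untrusted files
    perms = {p.rsplit(".", 1)[-1] for p in _names(root, "uses-permission")}
    services = {s.rsplit(".", 1)[-1] for s in _names(root, "service")}
    actions = _names(root, "action")
    checks = [
        ("service-name-match", "CheckCommandServices" in services),
        ("starts-at-boot", "RECEIVE_BOOT_COMPLETED" in perms
            and "android.intent.action.BOOT_COMPLETED" in actions),
        ("receives-sms", "RECEIVE_SMS" in perms
            and "android.provider.Telephony.SMS_RECEIVED" in actions),
        ("sends-sms", "SEND_SMS" in perms),
        ("reads-device-identifiers", "READ_PHONE_STATE" in perms),
    ]
    return [label for label, hit in checks if hit]


if __name__ == "__main__":
    for finding in triage_manifest(SAMPLE_MANIFEST):
        print(finding)
```

Each label on its own is common in legitimate apps; it is the combination in an app that presents itself as a certificate installer that warrants a closer look.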