212eta Posted September 29, 2015

Usually, to infect Android mobile devices, cybercriminals use a rather trivial routine—by employing social engineering methods, they force their victims to install some malicious application by themselves.

However, this algorithm is not the only one virus makers have at their disposal—in particular, Doctor Web security researchers continue to register new cases when Android Trojans are already preinstalled on mobile devices as system applications to perform their malicious activities without user knowledge. Recently, a similar incident involving Android.Backdoor.114.origin has been registered by our specialists.

Android.Backdoor.114.origin has been known to Doctor Web analysts for quite some time—it was more than a year ago that this Trojan came into the light for the first time. Since then, the malware continues to present a great threat to Android users, mostly because it gets incorporated directly into mobile device firmware. As a result, it becomes almost impossible to remove the Trojan using ordinary tools. To be able to get rid of the malware, the user needs to acquire root privileges, which can be hard (or even dangerous) to accomplish. Another way is to reinstall the operating system. However, this may lead to permanent loss of all data whose backup copies have not been created.

In the middle of September, Doctor Web security researchers witnessed a new infection incident involving Android.Backdoor.114.origin. This time, owners of Oysters T104 HVi 3G were the ones who fell victim to malicious activities of the backdoor—on their devices, the malware hides in the preinstalled GoogleQuickSearchBox.apk application. Although the manufacturer has been already notified about this issue, to this day, the official firmware version available for download has not undergone any changes and still contains the backdoor.

Android.Backdoor.114.origin gathers and sends the command and control server information about the infected device. Depending on the modification, it can send cybercriminals the following data:

- Infected device's unique identifier
- MAC address of the Bluetooth adapter
- Infected device's type (smartphone or tablet)
- Parameters from the configuration file
- MAC address
- IMSI
- Malicious application version
- OS version
- API version of the device
- Network connection type
- Application package name
- Country ID
- Screen resolution
- Device manufacturer
- Model name
- Occupied SD card space
- Available SD card space
- Occupied internal memory space
- Available internal memory space
- List of applications installed in the system folder
- List of applications installed by the user

However, the main purpose of Android.Backdoor.114.origin is to stealthily download, install, and remove applications upon a command from the command and control server. Moreover, the Trojan can activate the disabled option to install applications from unreliable sources. Thus, even if the user follows recommended security rules, the backdoor can modify appropriate settings to install various adware, unwanted, and dangerous applications.

Doctor Web security researchers advise Android users to perform periodic anti-virus scans of their devices for known malicious programs. If a Trojan or any other malicious program is detected in the firmware, it is recommended to contact the device manufacturer in order to get an updated operating system image, because, in most cases, it is impossible to remove such malware using built-in tools (including anti-virus software).

Source

GRiM Posted September 30, 2015

Story title is misleading. It's not official Android firmware at all, it's OEM edited firmware.

212eta Posted October 1, 2015

> Story title is misleading. It's not official Android firmware at all, it's OEM edited firmware.

I guess the Dr.Web experts are Not aware of it... :unsure:

jtmulc Posted October 2, 2015

> Story title is misleading. It's not official Android firmware at all, it's OEM edited firmware.

All the more reason to run a Nexus and/or custom rom.

Archived
This topic is now archived and is closed to further replies.