Wednesday, April 30, 2014

Attackers distribute Android Trojan disguised as "Avito.ru service" messages - Lenta.ru

Experts at the company Doctor Web have discovered an SMS spam campaign in which attackers send messages disguised as notifications from the free classified ads service Avito.ru. In this way the scammers distributed an Android Trojan that gave them access to data on the user's mobile device, the company said.

The victim receives an SMS message about a response to a previously placed ad. The target audience of this attack is therefore largely the service's current customers, who really are expecting an answer to their ad. To view the response, the user is offered a link to follow. Instead of the expected web page of the service, however, users landed on a fraudulent site from which the Trojan Android.SmsSpy.88.origin, an SMS bot, was downloaded.

After it is installed and launched, the Trojan asks the user for access to the administrative features of the mobile device and then removes its icon from the main screen of the operating system. Next, using SMS messages, the Trojan sends the attackers some general data about the infected mobile device: its name, manufacturer, IMEI identifier, information about the operator, and the operating system version. The malware then connects to a remote server and waits for commands, which may include instructions to start or stop the service that intercepts incoming SMS, to send short messages with specified text to a specified number, to make calls, and to send SMS messages to all contacts in the phone book.

Attackers can also control the Trojan using SMS messages. In this mode Android.SmsSpy.88.origin is able to receive commands to send SMS with given parameters and to enable or disable unconditional forwarding of all incoming calls. This last function sets the Trojan apart from similar programs.

The malware's ability to divert calls to a number specified by the attackers allows them to establish control over all incoming calls, experts say. In practice, this gives cybercriminals an opportunity not only to gain access to a range of confidential information but also, in some cases, to carry out a number of fraudulent activities.
