Malware uses the DroidWall firewall to block antivirus software.
Researchers from Symantec have discovered a new Android malware sample that uses the DroidWall firewall to avoid detection by antivirus software. The malware, called Android.Spywaller, collects victims' personal information and sends it to servers controlled by the attackers.
On infecting a system, Android.Spywaller embeds itself in the device's memory and appears under the guise of an application named «Google Service». The malware tries to obtain root access and, if successful, begins collecting personal data in the background.
A distinctive feature of this malware is its use of the mobile firewall DroidWall to avoid detection by antivirus software. Android.Spywaller scans the system for the popular Chinese antivirus Qihoo 360 and then uses DroidWall to block that program's unique ID.
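One way a responder could check a rooted device for this kind of block, as an added example that is not from Symantec's report or the original article: DroidWall is a front end for iptables, so the script searches `iptables -S` output for owner-match rules that send a watched package's UID to DROP or REJECT. The package names, UIDs, chain names and rule lines are constructed samples, and only explicit per-UID block rules are covered.

```python
import re

# Constructed sample of /data/system/packages.list (fields: package, UID, ...).
PACKAGES_LIST = """\
com.example.antivirus 10057 0 /data/data/com.example.antivirus default 3003
com.example.browser 10061 0 /data/data/com.example.browser default 3003
"""
# Constructed `iptables -S` output; the chain names are assumptions.
IPTABLES_RULES = """\
-A OUTPUT -j droidwall
-A droidwall -o wlan+ -j droidwall-wifi
-A droidwall-wifi -m owner --uid-owner 10057 -j droidwall-reject
-A droidwall-wifi -m owner --uid-owner 10061 -j RETURN
-A droidwall-reject -j REJECT --reject-with icmp-port-unreachable
"""
# Captures: chain, optional owner UID, jump target.
RULE = re.compile(r"^-A (\S+)(?:.*?--uid-owner (\d+))?.* -j (\S+)")

def parse_uids(packages_list):
    """Map UID -> package name from packages.list text."""
    rows = (line.split() for line in packages_list.splitlines())
    return {int(f[1]): f[0] for f in rows if len(f) >= 2 and f[1].isdigit()}

def parse_rules(rules_text):
    """Return (chain, uid or None, target) for each -A rule."""
    matches = (RULE.match(line) for line in rules_text.splitlines())
    return [(m[1], int(m[2]) if m[2] else None, m[3]) for m in matches if m]

def reaches_block(target, rules, seen=()):
    """True if target is DROP/REJECT or a chain whose non-UID rules reach one."""
    if target in ("DROP", "REJECT"):
        return True
    if target in seen:  # guard against chains that jump to each other
        return False
    return any(reaches_block(t, rules, seen + (target,))
               for chain, uid, t in rules if chain == target and uid is None)

def blocked_security_apps(packages_list, rules_text, watchlist):
    """List (package, uid, chain) where a watched app's UID is firewalled."""
    uids, rules = parse_uids(packages_list), parse_rules(rules_text)
    return sorted((uids[uid], uid, chain) for chain, uid, target in rules
                  if uids.get(uid) in watchlist and reaches_block(target, rules))

if __name__ == "__main__":
    print(blocked_security_apps(PACKAGES_LIST, IPTABLES_RULES,
                                {"com.example.antivirus"}))
```

Replace the watchlist with the package names of the security products deployed on the device being examined.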
The malware targets Chinese users. In China, most devices have root privileges, which simplifies the installation of malicious software. In addition, because of Internet censorship, users cannot access Google's official services, while Android.Spywaller imitates one of the company's applications.
Android.Spywaller intercepts the victim's call log, SMS messages, location, browsing history, emails, images and contacts and sends them to the cybercriminals. In addition, it gathers information from popular instant messengers, including BlackBerry Messenger, Oovoo, Coco, QQ, SinaWeibo, Skype, Talkbox, TencentWeibo, Voxer, Wechat, WhatsApp and Zello.