Malware Triada and Horde «learned to” get Google protections.
Researchers Check Point discovered the new version of the infamous malware for mobile devices Triada and the Horde. According to experts, Android-Trojan received a number of new features, including the ability to bypass the security mechanisms Google in some versions of the OS.
The new version Triada can infect your default browser installed on Android-device, as well as browsers 360 Secure, Cheetah and Oupeng. Infected systems, the Trojan intercepts the request URL. If you hit on one of the specified sites, the malware displays a fake page created by cybercriminals to steal bank card data.
Until recently, the main function of Triada malware was stealing money through SMS-messages when the victim to make purchases within applications. However, the new version of the Trojan is able to intercept the URL-addresses on the infected device, to lure unsuspecting users to fake pages, entice their payment card data and even fraudulently to force them to download additional malware.
Check Point Research complements the report “Kaspersky Lab”, which describes the ability to update the Trojan. Experts also upgraded their existing information about malware for Android-devices called Horde. The malware infects applications on Google Play, such as Viking Jump, Parrot Copter, Memory Booster, Simple 2048, and WiFi Plus.
According to the researchers, with the help of a new bypass detection equipment new version of Horde is able to monitor the ongoing processes in the Android Lollipop and Marshmallow. As explained by the expert Check Point Coryate Oren (Oren Koriat), in order to prevent such activity Google has blocked the ability to call for applications getRunningTasks () API. Horde bypass this security measure, as it learns about the current processes using the file system “/ proc /”.