Wednesday, October 18, 2017

First Android Trojan to hide Behind TOR

Researchers at Kaspersky Lab have discovered the first Tor-based Trojan for the Android operating system. The malware, named Backdoor.AndroidOS.Torec.a, reaches its command-and-control (C&C) server through the Tor network, so the server's real location is hidden from anyone who observes the traffic, including the authorities trying to take it down.

Roman Unuchek, a malware researcher at Kaspersky Lab who blogged about the new threat, writes that Torec.a relies on Orbot, the open source Tor client for Android.

Orbot is used to carry commands from the C&C server to the Trojan. The command set includes starting and stopping the interception of incoming SMS messages, stealing incoming SMS messages, reporting details about the device and its installed applications, and sending SMS messages to a number chosen by the operator.

As the figure below shows, the malware's configuration parameters contain a .onion address. The .onion suffix is not a registered top-level domain; it is the special-use name that Tor resolves internally to a hidden service, so the address is only reachable over Tor and reveals nothing about where the server is hosted.

[Figure: Torec.a parameters, showing the .onion address of the C&C server]

Malware using the Tor network is nothing new, but the number of families that route their C&C traffic through it has grown sharply in recent years.
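The two indicators described above, a .onion C&C address in the Trojan's parameters and the bundled Orbot code, are easy to hunt for statically. The following is an added example, not code from Kaspersky Lab or from this site, that unpacks an APK in memory, extracts candidate .onion addresses from every entry, validates each one (v3 addresses carry a checksum, so look-alike strings are rejected), and flags entries that reference Orbot's package name. The APK it scans is a constructed stand-in built inside the script, not the real Torec.a sample.

```python
"""Static triage for Tor-based Android malware (added example, not the page's
own code): find .onion C&C addresses and Orbot references inside an APK."""
import base64
import hashlib
import io
import re
import zipfile

# .onion labels are base32 (a-z, 2-7): 16 chars for v2 and 56 chars for v3.
# The lookarounds stop a longer base32 run from being cut down to a match.
ONION_RE = re.compile(rb"(?<![a-z2-7])(?:[a-z2-7]{56}|[a-z2-7]{16})\.onion(?![a-z0-9])")

# Package name of the Orbot Tor client for Android, whose code Torec.a reuses.
ORBOT_PACKAGE = b"org.torproject.android"


def is_valid_onion(label: str) -> bool:
    """True if `label` (without the '.onion' suffix) is a well-formed address.
    v2: any 16 base32 chars. v3: 32-byte key || 2-byte checksum || version 3,
    where checksum = SHA3-256(".onion checksum" || key || version)[:2]."""
    if len(label) == 16:
        return re.fullmatch(r"[a-z2-7]{16}", label) is not None
    if len(label) != 56:
        return False
    try:
        raw = base64.b32decode(label.upper())
    except Exception:
        return False
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34]
    if version != 3:
        return False
    expected = hashlib.sha3_256(b".onion checksum" + pubkey + bytes([version])).digest()[:2]
    return checksum == expected


def v3_onion_from_pubkey(pubkey: bytes) -> str:
    """Derive the v3 label for a 32-byte ed25519 public key. Used here only to
    construct a sample address; real keys come from Tor's hidden-service setup."""
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + b"\x03").digest()[:2]
    return base64.b32encode(pubkey + checksum + b"\x03").decode().lower()


def scan_apk(apk_bytes: bytes) -> dict:
    """Return {'onions': {entry: [addresses]}, 'orbot_refs': [entries]}.
    Dex string data is (M)UTF-8, so a byte regex over the raw entry finds
    addresses without a full dex parser; other entries are scanned the same way."""
    report = {"onions": {}, "orbot_refs": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            data = apk.read(name)
            found = {m.group(0).decode() for m in ONION_RE.finditer(data)}
            valid = sorted(a for a in found if is_valid_onion(a[: -len(".onion")]))
            if valid:
                report["onions"][name] = valid
            if ORBOT_PACKAGE in data:
                report["orbot_refs"].append(name)
    return report


def build_sample_apk() -> bytes:
    """Constructed stand-in for a Trojan APK (a zip). Not the real Torec.a."""
    good = v3_onion_from_pubkey(bytes(range(32))) + ".onion"   # valid checksum
    bad = "a" * 56 + ".onion"                                   # right shape, bad checksum
    dex = b"".join([
        b"dex\n035\x00",                              # dex magic only (constructed)
        b"\x16org.torproject.android\x00",            # Orbot package name as a dex string
        b"\x49http://" + good.encode() + b"/cmd\x00",
        b"\x49http://" + bad.encode() + b"/cmd\x00",
    ])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("AndroidManifest.xml", "<manifest package='com.example.torec'/>")
        apk.writestr("classes.dex", dex)
        apk.writestr("res/raw/config.txt", "c2 = constructedv2222.onion\n")  # constructed v2
    return buf.getvalue()


if __name__ == "__main__":
    for entry, addrs in scan_apk(build_sample_apk())["onions"].items():
        print(entry, addrs)
```

In a real triage the same scan runs over the on-disk APK (`open(path, "rb").read()`); the checksum validation matters because base32-looking junk in compiled resources otherwise produces false hits, while a v2 address can only be checked for shape. A hit on the Orbot package name alone is not malicious, since legitimate apps bundle Orbot, so treat it as a pivot for manual review rather than a verdict.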

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing.
