Thursday, June 29, 2017

Android worm infects 500,000 Devices in China

Security researchers analyzed a sample of the malware and found it contained two modules, one for distributing itself (XXshenqi.apk) and another for carrying out malicious activities (Trogoogle.apk).

The malware spreads via short text messages carrying a link to the malicious download, which are sent to the victim's entire list of contacts, Vigi Zhang from Kaspersky stated.

Once the malware is executed on the device, Kaspersky products detect it as Trojan.AndroidOS.Xshqi.a. If run successfully, it drops a backdoor that gathers the user's private ID and name and transmits them to a command and control server.

It conceals its icon after installation so the user is not aware of its presence. It then responds to commands to carry out malicious activity. The commands include:

“readmessage”
“sendmessage”
“test”
“makemessage”
“sendlink”

The backdoor executes these commands when instructed by the command and control server; they include reading and sending messages. Zhang noted that the malware can also send the text to its operator either by email or via the short message service.
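For triage of a suspect APK, the two-module layout and the command names above can be checked statically. The following is an added example, not code from the article or from Kaspersky; it assumes the payload APK is bundled inside the distributing APK and that the command names sit as plain strings in a `.dex` file, and its sample input is constructed.

```python
import io
import zipfile

# Commands named in the article; "test" is omitted as too common a substring.
COMMANDS = (b"readmessage", b"sendmessage", b"makemessage", b"sendlink")
MAX_DEPTH = 2          # assumption: payload sits at most two levels deep
MAX_ENTRY = 50 << 20   # skip entries over 50 MiB uncompressed (zip-bomb guard)

def triage_apk(data, name="sample.apk", depth=0):
    """Return one finding dict per APK in the tree (outer first)."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    hits, nested = set(), []
    with zf:
        for info in zf.infolist():
            lower = info.filename.lower()
            if info.file_size > MAX_ENTRY:
                continue
            if lower.endswith(".dex"):
                blob = zf.read(info)
                hits.update(c.decode() for c in COMMANDS if c in blob)
            elif lower.endswith(".apk") and depth < MAX_DEPTH:
                nested.append((info.filename, zf.read(info)))
    findings = [{"apk": name, "depth": depth, "commands": sorted(hits),
                 "nested_apks": [n for n, _ in nested]}]
    for child_name, child in nested:
        findings += triage_apk(child, child_name, depth + 1)
    return findings

def is_suspicious(findings, min_commands=3):
    """Flag the sample if any APK in the tree carries most of the command set."""
    return any(len(f["commands"]) >= min_commands for f in findings)

def _make_zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for entry_name, content in entries.items():
            zf.writestr(entry_name, content)
    return buf.getvalue()

def build_sample():
    """Constructed stand-in (not real malware): outer APK bundling an inner one."""
    inner = _make_zip({"classes.dex": b"dex\n035\x00" + b"\x00".join(COMMANDS)})
    return _make_zip({"classes.dex": b"dex\n035\x00launcher",
                      "assets/inner.apk": inner})

if __name__ == "__main__":
    print(triage_apk(build_sample()))
```

Walking nested APKs means the command handler is still inspected when only the distributing module is submitted; a sample that obfuscates its strings will not match and needs dynamic analysis.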

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing.
