Researchers at Kaspersky Labs have discovered the first Tor-based trojan for the Android operating system. The malware, named Backdoor.AndroidOS.Torec.a, has its command-and-control (C&C) servers shielded by the Tor network, making it difficult for authorities to pinpoint their origin.
Roman Unuchek, a malware researcher at Kaspersky, blogged about the new threat: Torec.a relies on Orbot, an open-source Tor client for Android.
Orbot is used to carry commands from the C&C server to the trojan. The command set consists of intercepting incoming SMS messages, stealing incoming SMS messages, collecting details about the device and its installed applications, and sending SMS messages to a given number.
As you can see in the figure below, the malware's parameters contain a .onion hostname; .onion is the special-use top-level domain under which Tor hidden services are addressed.
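The two indicators the article describes, a hard-coded .onion C&C address and a dependency on Orbot, are both visible in static artifacts an analyst can pull from an APK (string tables, manifest permissions). The triage script below is an added example for defenders and is not code from Kaspersky or from the article; the sample strings, the hostname `exampleexampleex.onion` and the permission list are constructed, while `org.torproject.android` is Orbot's real package name and the 16/56-character label lengths are the v2 and v3 onion address formats.

```python
import re

# Tor hidden-service hostnames: a 16-char (v2) or 56-char (v3) base32 label
# followed by the .onion special-use top-level domain.
ONION_RE = re.compile(r"\b([a-z2-7]{16}|[a-z2-7]{56})\.onion\b", re.IGNORECASE)

# Orbot's real package name. A non-Tor app that references it (for example to
# check whether Orbot is installed, or to route traffic through it) deserves
# a closer look.
ORBOT_PACKAGE = "org.torproject.android"

# Android permissions that the SMS interception/theft/sending commands the
# article lists would require.
SMS_PERMISSIONS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
}


def find_onion_hosts(strings):
    """Return the distinct .onion hostnames found in an iterable of strings."""
    hosts = set()
    for s in strings:
        for m in ONION_RE.finditer(s):
            hosts.add(m.group(0).lower())
    return sorted(hosts)


def references_orbot(strings):
    """True if any extracted string names Orbot's package."""
    return any(ORBOT_PACKAGE in s for s in strings)


def sms_permissions(requested):
    """Subset of the requested permissions that touch SMS."""
    return sorted(SMS_PERMISSIONS & set(requested))


def triage(strings, requested_permissions):
    """Combine the indicators into one record with a simple verdict.

    'suspicious': a .onion address together with Orbot use or SMS permissions
    'review':     any single indicator on its own
    'clean':      nothing of note
    """
    onions = find_onion_hosts(strings)
    orbot = references_orbot(strings)
    sms = sms_permissions(requested_permissions)
    if onions and (orbot or sms):
        verdict = "suspicious"
    elif onions or orbot or sms:
        verdict = "review"
    else:
        verdict = "clean"
    return {
        "onion_hosts": onions,
        "references_orbot": orbot,
        "sms_permissions": sms,
        "verdict": verdict,
    }


# Constructed sample input standing in for strings and manifest permissions
# extracted from an APK; the .onion hostname is not a real service.
SAMPLE_STRINGS = [
    "Mozilla/5.0 (Linux; Android 4.4)",
    "http://exampleexampleex.onion/cmd",
    "org.torproject.android",
    "android.provider.Telephony.SMS_RECEIVED",
]
SAMPLE_PERMISSIONS = [
    "android.permission.INTERNET",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
]

if __name__ == "__main__":
    print(triage(SAMPLE_STRINGS, SAMPLE_PERMISSIONS))
```

In practice the string list would come from a tool that dumps an APK's resources and DEX string pool, and the permission list from its AndroidManifest.xml; the scoring is deliberately conservative, since a legitimate Tor-aware app will reference Orbot and a messaging app will hold SMS permissions, so it is the combination with a hard-coded .onion C&C address that earns the "suspicious" verdict.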
Abuse of the Tor network is nothing new, but we have seen a large increase in malware using it in recent years.