Internet security firm ZScaler.com said the malware appears to target users of devices running Google's Android.
The malware in question will install a pirated version of the Assassins Creed game that functions normally, making the end user oblivious to the malicious activities it performs in the background.
The malicious application is capable of sending multi-part text messages, harvesting text messages from a victim's device, and sending stolen information to a remote Command & Control (C2) server. We were able to locate phone numbers belonging to the Russian bank "Volga-Vyatka Bank of Sberbank of Russia" in the malicious application code, for which SMS messages are being intercepted to steal sensitive information.
Another interesting feature we saw is the usage of AES encryption for all the C2 communication. It also harvests the mobile number and Subscriber ID information from the victim device for tracking purposes.
Application information:
- File MD5 : 3E076979644672A0EF750A4C3226F553
- File Size : 3.25 MB
- File Name : assassins_creed.apk
- Package Name : com.dsifakf.aoakmnq
Permissions:
android.permission.ACCESS_NETWORK_STATE
android.permission.GET_ACCOUNTS
android.permission.INTERNET
android.permission.PROCESS_OUTGOING_CALLS
android.permission.READ_EXTERNAL_STORAGE
android.permission.READ_PHONE_STATE
android.permission.READ_SMS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.WAKE_LOCK
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WRITE_SMS
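The permission set above is the most useful static indicator the report gives. The following is an added triage helper, not code from Zscaler or from the sample: it parses a decoded AndroidManifest.xml (as produced by apktool, for instance) and flags the combination of SMS permissions, boot persistence and network access together with a receiver registered for incoming SMS. The embedded manifest is constructed from the package name and permissions listed on this page; the receiver class name is a placeholder.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS  # android:name, as ElementTree expands it

# Permissions that together let an app receive, read and send SMS and restart
# itself after reboot: the combination requested by the sample described above.
SMS_STEALER_CLUSTER = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.INTERNET",
    "android.permission.RECEIVE_BOOT_COMPLETED",
}
# Broadcast actions a background SMS harvester typically registers a receiver for.
SUSPICIOUS_ACTIONS = {
    "android.provider.Telephony.SMS_RECEIVED",
    "android.intent.action.BOOT_COMPLETED",
}

def triage_manifest(manifest_xml: str) -> dict:
    """Summarise a decoded AndroidManifest.xml and flag the SMS-stealer pattern."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(NAME_ATTR) for p in root.iter("uses-permission")}
    actions = {a.get(NAME_ATTR) for r in root.iter("receiver") for a in r.iter("action")}
    missing = SMS_STEALER_CLUSTER - perms
    return {
        "package": root.get("package"),
        "permissions": sorted(perms),
        "receiver_actions": sorted(actions),
        "missing_from_cluster": sorted(missing),
        # Flag only when the full permission cluster AND a matching receiver are present.
        "suspicious": not missing and bool(SUSPICIOUS_ACTIONS & actions),
    }

# Constructed manifest: package name and permissions are those listed on this
# page; the receiver class name is a placeholder, not taken from the real sample.
SAMPLE_MANIFEST = f"""<manifest xmlns:android="{ANDROID_NS}" package="com.dsifakf.aoakmnq">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name=".PlaceholderSmsReceiver">
      <intent-filter><action android:name="android.provider.Telephony.SMS_RECEIVED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""
```

A manifest that requests only a subset of the cluster, or has no SMS or boot receiver, is reported with the missing permissions rather than flagged, which keeps ordinary messaging apps from tripping the check on permissions alone.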
"The malware in question will install a pirated version of the Assassins Creed game that functions normally, making the end user oblivious to the malicious activities it performs in the background," it said.
"Upon installation, the user will see the game icon on the screen, that disappears shortly thereafter with the malicious process still running in the background," it added.
Zscaler said the app can send multi-part text messages and harvest text messages from a victim's device.
It can then send the stolen information to a remote Command and Control server.
Also, it can use AES encryption for all the command and control communication.
"It also harvests the mobile number and Subscriber ID information from the victim device for tracking purposes," it said.
The malicious app performs the activity of harvesting sensitive information and sending it to the remote server at a regular interval.
Recommendation:
Cybercriminals often lure users with pirated versions of popular paid mobile applications that are Trojanized to steal sensitive information. It is strongly recommended that users stay away from such offers and download mobile apps only from trusted sources like the Google Play store.