In early November, security analysts at Doctor Web discovered another such program, which attackers spread by SMS. Once launched, the dangerous bot can send short messages, delete installed applications and files, steal confidential information, attack websites and perform other malicious actions on an infected device.
Added to the Dr.Web virus database as Android.Wormle.1.origin, the program is equipped with various functions. After installation, the bot creates a shortcut on the main screen and runs as a system service named com.driver.system.
Android.Wormle.1.origin connects to the command and control (C&C) server and waits for further instructions from the attackers. It should be noted that cybercriminals can control the bot directly through their C&C server, as well as through Google Cloud Messaging, a service that allows developers to communicate with their applications on target devices through an active Google account.
This program has a very extensive set of features. In particular, it can perform the following tasks:
- Send an SMS message with the specified text to one or more of the numbers listed in the command;
- Send an SMS message with the specified text to all numbers in the address book;
- Add a specific phone number to the blacklist in order to block incoming SMS messages and calls from that number;
- Send a USSD request (the USSD number is placed on the blacklist to ensure that the user does not receive the response SMS);
- Report information on all incoming SMS messages and outgoing calls to the C&C server;
- Start the recorder, or stop a recording in progress;
- Obtain information on the accounts linked to the infected device;
- Obtain information about all installed applications;
- Acquire contact information;
- Gather information about the mobile operator;
- Determine the version of the operating system;
- Determine the country where the SIM card has been registered;
- Determine the subscriber's phone number;
- Remove the specified application (to accomplish this, the bot displays a special dialog box that forces the user to remove the program);
- Collect information about the files and folders located on the SD card;
- Upload a zip archive containing the specified file or folder to the C&C server;
- Delete a file or directory;
- Remove all SMS messages stored on the device;
- Carry out a DDoS attack on a particular website;
- Connect to the C&C server in accordance with specific parameters;
- Change the address of the control server;
- Clear the blacklist.
Cybercriminals can therefore use Android.Wormle.1.origin to perform all sorts of tasks, ranging from sending paid SMS messages and stealing confidential data to carrying out DDoS attacks on various websites. In addition, the virus can obtain information about the user's bank account, which extends the harmful effects of the program on an even larger scale.
Android.Wormle.1.origin behaves like an SMS worm and spreads to Android devices via SMS messages containing a download link. Such messages may look like this:
“I love you http://[]app.ru/*number*” where “number” is the number of the recipient.
Messages like this are sent to every contact in the phone book, so Android.Wormle.1.origin can infect a very large number of devices in a short time and thus greatly expand the botnet. Statistics collected by Doctor Web indicate that so far the malware has infected more than 14,000 thousand devices belonging to users in more than 20 countries. Most of them, 12,946,000 (91.49%), are located in Russia, followed by Ukraine (0.88%), the USA (0.76%), Belarus (0.51%), Kazakhstan (0.25%), Uzbekistan (0.21%) and Tajikistan (0.15%), as the map below also shows.
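A defensive check for the lure format quoted above, as an added example that is not part of the original article: it flags an incoming SMS when the path of a link contains the recipient's own phone number. The `.example` hosts, the sample messages and the comparison on the last 10 digits are assumptions made for illustration.

```python
import re

# Added example, not code from the page. Flags SMS bodies whose link carries
# the recipient's own phone number, the lure format quoted above.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
DIGIT_RUN_RE = re.compile(r"\d{7,15}")
TAIL = 10  # assumption: compare trailing digits to ignore +7 / 8 style prefixes


def normalize(number):
    """Strip non-digits and keep the trailing TAIL digits."""
    return re.sub(r"\D", "", number)[-TAIL:]


def personalized_links(body, recipient):
    """Return the URLs in body whose path contains the recipient's number."""
    target = normalize(recipient)
    if len(target) < 7:  # too short to match without false positives
        return []
    hits = []
    for url in URL_RE.findall(body):
        # Inspect only what follows the host, so digits in a hostname are ignored.
        path = url.partition("://")[2].partition("/")[2]
        if any(normalize(run) == target for run in DIGIT_RUN_RE.findall(path)):
            hits.append(url)
    return hits


# Constructed sample messages: (recipient number, SMS body).
SAMPLES = [
    ("+7 916 555-01-23", "I love you http://lure.example/79165550123"),
    ("8 (916) 555-01-23", "I love you http://lure.example/9165550123"),
    ("+7 916 555-01-23", "Your parcel: https://shop.example/track/4411223344"),
    ("+7 916 555-01-23", "Call me back on 79165550123"),
]


def scan(samples):
    """Return one flag per sample: True when a personalized link is present."""
    return [bool(personalized_links(body, rcpt)) for rcpt, body in samples]


if __name__ == "__main__":
    for (rcpt, body), flagged in zip(SAMPLES, scan(SAMPLES)):
        print("FLAG" if flagged else "ok  ", rcpt, "|", body)
```

A match is a triage signal rather than a verdict, since legitimate services occasionally embed a subscriber number in a link.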