Monday, March 7, 2016

Android the target of new attacks: the Triada Trojan steals money – eGospodarka

Experts from Kaspersky Lab have detected Triada, a Trojan that attacks Android devices and that, in terms of complexity, is comparable to malicious programs designed for Windows. This malware, which is characterized by stealth, modularity and long-term persistence in the infected system, was created by experienced criminals. Most at risk are mobile devices running Android 4.4.4 and earlier.

According to a study on the evolution of mobile cyber threats recently conducted by Kaspersky Lab, almost half of the 20 most popular Trojans in 2015 were malicious programs capable of gaining administrator-level access. Privileges of this kind allow cybercriminals to install applications on the phone without the user's knowledge.

Malware of this kind spreads through applications downloaded from untrusted sources. It can often also be found in the official Google Play store, where it poses as games or entertainment-related applications. In some cases the Trojans enter the system during updates of existing popular applications, and in certain circumstances they may be pre-installed on mobile devices. Most at risk are devices running Android 4.4.4 or earlier.

Currently, 11 families of mobile Trojans that use administrator-level privileges are known. Three of them – Ztorg, Gorpo and Leech – cooperate with each other. Devices infected with these Trojans usually organize themselves into a network, creating a kind of advertising botnet that cybercriminals can use to install various types of adware. But that's not all …

The Triada Trojan attacks

A threat aimed at mobile users.

Shortly after obtaining administrator rights on the device, the Trojans mentioned above download and install a backdoor. The malware then activates two modules that can download, install and run applications.

The application loader and its installation modules belong to different types of Trojans, but all of them have been added to Kaspersky Lab's antivirus databases under the name Triada.

The distinguishing feature of this malware is its use of Zygote, the parent of the application process on an Android device, which contains the system libraries and frameworks used by every application installed on the device. In other words, it is a system component whose purpose is to launch Android applications. It is the standard application process, and it applies to every newly installed program. This means that once the Trojan enters the system, it becomes part of the application process and is added to every application launched on the device, where it can even change the logic of how the programs operate. This is the first time this kind of technique has been detected in a malicious program found in the wild and created to infect users of Android devices.

Triada is characterized by advanced stealth capabilities. After entering the user's device, the Trojan attaches itself to almost every running process and exists in short-term memory. For this reason, detecting and removing it with antivirus solutions is almost impossible. Triada runs covertly, which means that all its malicious actions are concealed from both the user and other applications.

Triada's complex functionality shows that behind this malware are very advanced cybercriminals with in-depth knowledge of the targeted mobile platform.
