Added to the Dr.Web virus database as Android.Wormle.1.origin, the program is equipped with various functions. After installation, the bot creates a shortcut on the main screen and runs as a system service, com.driver.system.
Android.Wormle.1.origin connects to the command and control (C&C) server and waits for further instructions from hackers. It should be noted that cybercriminals can control the bot directly through their C&C server as well as through the Google Cloud Messaging service, which allows developers to communicate with their applications on target devices through an active Google account.
This program has a very extensive set of features. In particular, it can perform the following tasks:
- Send an SMS message with the specified text to one or more of the numbers listed in the command;
- Send an SMS message with the specified text to all numbers in the address book;
- Add a specific phone number to the blacklist in order to block incoming SMS messages and calls from that number;
- Send a USSD request (the USSD number is blacklisted to ensure that the user will not receive the reply messages);
- Forward information on all incoming SMS messages and outgoing calls to the C&C server;
- Start the recorder, or stop recording if it is in progress;
- Obtain information on accounts linked to the infected device;
- Obtain information about all installed applications;
- Acquire contact information;
- Gather information about the mobile operator;
- Determine the version of the operating system;
- Determine the country where the SIM card has been registered;
- Determine the subscriber's number;
- Remove the specified application (to accomplish this, the bot displays a special dialog box that forces the user to remove the program);
- Collect information about the files and folders located on the SD card;
- Upload a zip archive containing a specified file or folder to the C&C server;
- Delete a file or directory;
- Delete all SMS messages stored on the device;
- Carry out a DDoS attack on a particular website;
- Connect to the C&C server in accordance with specific parameters;
- Change the address of the control server;
- Clear the blacklist.
Using Android.Wormle.1.origin, cybercriminals can therefore perform all sorts of tasks, ranging from sending paid SMS messages and stealing confidential data to launching DDoS attacks on various websites. In addition, the virus can obtain information about your bank account, which extends the harmful effects of the program to an even larger scale.
Android.Wormle.1.origin acts as an SMS worm and spreads to Android devices via SMS messages containing a download link. Such messages may look like this:
“I love you http://[]app.ru/*number*” where “number” is the number of the recipient.
Messages like this are sent to all recipients in the phone book, so Android.Wormle.1.origin can infect a very large number of devices in a short time and thus greatly expand the botnet itself. Statistics collected by Doctor Web indicate that, so far, the malware has infected more than 14,000 thousand devices belonging to users in more than 20 countries. Most of them, 12,946,000 (91.49%), are located in Russia, followed by Ukraine (0.88%), the USA (0.76%), Belarus (0.51%), Kazakhstan (0.25%), Uzbekistan (0.21%) and Tajikistan (0.15%), which the map below also shows.
“Doctor Web security analysts continue to carefully monitor the threat. An entry to detect this malicious program was added to the virus database, so your Android devices running Dr.Web and Dr.Web Light are protected against attacks by the Android.Wormle.1.origin program,” says Joanna Schulz-Torój, a specialist at Doctor Web.
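The SMS lure quoted above puts the recipient's own number in the link path and is sent to every contact, which gives a filter two signals to combine. The following is an added example, not code from Doctor Web: the function names, the threshold, the phone numbers and the example.test domain are all assumptions made for illustration.

```python
import re
from collections import defaultdict

URL_RE = re.compile(r"https?://[^\s/]+(/\S*)?", re.IGNORECASE)

def digits(s):
    """Keep only the digits of a phone number or URL component."""
    return re.sub(r"\D", "", s)

def same_subscriber(a, b, tail=10, min_len=7):
    """Compare trailing digits so +7..., 8... and national forms match."""
    a, b = digits(a)[-tail:], digits(b)[-tail:]
    return len(a) >= min_len and a == b

def is_recipient_tagged_lure(body, recipient):
    """True if a link in the SMS body carries the recipient's own number."""
    for m in URL_RE.finditer(body):
        for part in re.split(r"[/?#&=]", m.group(1) or ""):
            if same_subscriber(part, recipient):
                return True
    return False

def flag_worm_senders(messages, min_recipients=3):
    """Return senders that sent recipient-tagged links to many distinct
    recipients, the fan-out expected when a bot mails a whole phone book."""
    hits = defaultdict(set)
    for sender, recipient, body in messages:
        if is_recipient_tagged_lure(body, recipient):
            hits[sender].add(digits(recipient)[-10:])
    return sorted(s for s, r in hits.items() if len(r) >= min_recipients)

# Constructed sample traffic: (sender, recipient, body). The numbers and the
# example.test domain are placeholders, not indicators from the report.
SAMPLE = [
    ("+70005550100", "+7 000 555-01-01", "I love you http://example.test/70005550101"),
    ("+70005550100", "80005550102", "I love you http://example.test/70005550102"),
    ("+70005550100", "+70005550103", "I love you http://example.test/70005550103"),
    ("+70005550200", "+70005550101", "Invoice 70005550199: https://example.test/pay?id=42"),
    ("+70005550300", "+70005550104", "Your code is 123456"),
]

if __name__ == "__main__":
    print(flag_worm_senders(SAMPLE))
```

A single tagged link is weak evidence on its own, since legitimate services also personalise URLs; the per-sender fan-out is what separates worm-like behaviour from ordinary traffic.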