Trojans squeeze the life out of Android


Johannesburg, 02 Sep 2016

Is your Android phone infected with an Android Trojan horse? You're minding your own business when your Android phone buzzes and you see that a close friend has texted you a link with some pictures. Unsuspecting, you tap the link without even thinking about whether it was unusual that he/she had texted you a link, and thus unwittingly become a victim of a mobile Trojan scam.

The Windows operating system has been the popular target of Trojan horses, until now. Since the massive penetration of smartphones into the market, the mobile operating system Android has become the new target of Trojan programmers and is at high risk of being infected. Once a user has installed a malicious app, the Trojan collects nearly 30 different types of information about the user's device and transmits them to a remote server operated by the cybercriminal. An Android Trojan that displays unwanted ads and installs nuisance software on mobile devices has been discovered. The Trojan module is able to "remotely update the operating system, collect information, display notifications (including advertisements), and make mobile payments."

There are multiple ways for your mobile device to be infected with an Android Trojan. For example, when you are browsing online or watching a video on the Internet, you may be prompted to install an app first by a message claiming that you are missing a plug-in. It will then suggest that you download software called Video Player or Adobe Flash Player update. Once you install the app and open the downloaded software, the Android Trojan locks your phone screen immediately. Alternatively, the virus is disguised as an mp4 file or other APK files, which are often bundled with spam e-mails without any notice. According to research, more than 15 000 spam e-mails containing malicious files have hit the inboxes of Android users in the last few days. Users should be more cautious and take the necessary measures to avoid an infection.

In some cases, the virus only attacks Web browsers instead of taking over the whole phone screen. The Android Trojan also hijacks your Internet connection and doesn't allow any online access. It then requests payment in order to regain full access to the phone.

Trojans are malicious programs that can perform various malevolent actions on smartphones and tablets. For example, this malware can send SMSes to premium numbers, can spy on your SMSes, and even block them. It is also able to request USSD codes to activate value-added services that are charged to your mobile account.

Some Trojans can take over root privileges using vulnerabilities in your Android phone and gain Android device manager privileges. Once the Trojan gains Android device manager privileges, it cannot be detected or uninstalled from the Android phone. Another Android Trojan is able to steal your private information and leech your mobile data. Once this Trojan has collected all of your personal information, the information is sent back to a database where it is logged for use by the cybercriminals responsible for the Trojan.

Once the Trojan is launched, the Trojan transmits the following information from the Android device to the server:

* OS version;
* SDK system version;
* Device model;
* Screen resolution;
* CPU type;
* IMEI identifier;
* ISO country code;
* Android build version;
* Cell phone number;
* SIM serial number;
* User's location;
* Network subtype;
* Availability of root access;
* The current version number of the Trojan;
* Generated unique user ID for phone;
* Network connection type;
* Mobile network operator;
* E-mail address connected to a Google user account;
* Google Cloud Messaging identifier (GCM id);
* The "user agent" parameter generated using a special algorithm;
* Whether an infected application has administrator privileges;
* Name of an infected application; and
* Presence of a Google Play application on the device.

In addition to the initial information sent to the C&C server, there are many more functions that can be requested remotely such as:

* Download an APK and prompt user to install it;
* Get call logs;
* Get SMS inbox;
* Get bookmarks;
* Get contacts;
* Get list of installed apps;
* Lock the screen; and
* Redirect calls to a specific number.
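The behaviours in the two lists above are gated by Android permissions, so an app's manifest can be triaged against them before installation. The following is an added example, not eScan's code: it assumes the manifest has already been decoded to text XML, and the behaviour-to-permission mapping, the review threshold and the two sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"

# Behaviour named in the article -> Android permission that gates it (assumed mapping).
BEHAVIOUR_PERMISSION = {
    "send SMS (premium numbers)": "android.permission.SEND_SMS",
    "read SMS inbox": "android.permission.READ_SMS",
    "intercept incoming SMS": "android.permission.RECEIVE_SMS",
    "read call logs": "android.permission.READ_CALL_LOG",
    "read contacts": "android.permission.READ_CONTACTS",
    "IMEI, phone number, SIM serial": "android.permission.READ_PHONE_STATE",
    "user's location": "android.permission.ACCESS_FINE_LOCATION",
    "Google account e-mail": "android.permission.GET_ACCOUNTS",
    "dial USSD codes": "android.permission.CALL_PHONE",
}

def triage_manifest(manifest_xml, threshold=3):
    """Report which of the article's behaviours a decoded manifest could enable."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    hits = sorted(b for b, p in BEHAVIOUR_PERMISSION.items() if p in requested)
    # A receiver guarded by BIND_DEVICE_ADMIN lets the app ask to become a device administrator.
    admin = any(r.get(ANDROID + "permission") == DEVICE_ADMIN
                for r in root.iter("receiver"))
    # threshold is an illustrative cut-off, not a vendor rule.
    return {"package": root.get("package"), "behaviours": hits,
            "device_admin": admin, "review": admin or len(hits) >= threshold}

# Constructed sample manifests (not taken from any real app).
SAMPLE_FAKE_PLAYER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.videoplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application><receiver android:name=".Admin"
      android:permission="android.permission.BIND_DEVICE_ADMIN"/></application>
</manifest>"""
SAMPLE_MAPS_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.maps">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""

if __name__ == "__main__":
    for sample in (SAMPLE_FAKE_PLAYER, SAMPLE_MAPS_APP):
        print(triage_manifest(sample))
```

A flagged manifest is a reason to review the app, not proof of infection, since legitimate messaging or dialer apps request some of the same permissions. When the manifest comes from an untrusted APK, parse it with a hardened XML parser such as defusedxml.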

Possible dangers caused by Trojan: Android

* It takes control of the mobile phone rapidly once downloaded.
* It disguises itself as a legitimate warning and then asks for a payment.
* It does not allow you to change your phone settings or open Google Play to download an antivirus program.
* It may damage your data and the Android operating system.
* It does not allow the phone to be switched off or any other action, except the inputs related to the demand for money.

How to remove a Trojan

In order to remove a Trojan, a factory reset is recommended, though it is advised to take the phone to an expert, as different smartphones have different methods of initiating a factory reset or safe mode.

Safety tips to prevent an infection

1. Always install apps from Google Play and official sites.
2. Turn off Bluetooth if not in use.
3. Install reliable mobile security software that automatically scans apps before they run for the first time.
4. Make regular backups of the important data on your phone on cloud or external storage devices.
5. Before connecting your mobile devices to any computer, ensure that the latter is secure with multi-layered antivirus software.
6. Avoid clicking links in unknown and unsolicited e-mails and SMSes.
7. Keep your mobile apps updated to the latest version, and ensure that your mobile OS is updated too.

Smartphones can store a lot of data and valuable information, which, if it falls into the wrong hands, could make the owners pay a hefty price.

eScan strongly recommends that Android users pay careful attention to applications they wish to download, and to only install programs developed by reputable companies. eScan for Android effectively detects and removes all known modifications of the Android Trojan and, therefore, this malicious program poses no threat to its users.

eScan

eScan, one of the leading anti-virus and content security solutions for desktops, smartphones and servers, is developed and marketed by MicroWorld. It is powered by innovative and futuristic technologies, such as MWL Technology, DIRC Technology, NILP Technology, and sophisticated anti-virus heuristic algorithms that not only provide protection from current threats, but also provide proactive protection against evolving threats. eScan provides a 24x7 free remote support facility, integrated in the software to assist clients in the fastest possible time-frame. It has achieved several certifications and awards from some of the most prestigious testing bodies, notable among them being AV-Comparatives, Virus Bulletin, AV-Test, ICSA, and PCSL labs. Combining the power of various innovative technologies, eScan provides multi-level real-time protection to digital devices and networks.

For more information, visit www.escan.co.za.

Editorial contacts

Jenay Viljoen
eScan
jenay@escan.co.za