Post reply

News:

--> Devnullius's Choices: A list of default programs to keep your PC running well!

Samker's Computer Forum - SCforum.info »
World TOP Headlines: »
Latest Security News & Alerts »
Post reply ( Re: Android Trojan Targets Cuba )

Post reply

Name:
Email:
Subject:
Message icon:

[quote author=Pez link=topic=8989.msg23900#msg23900 date=1396560472]
[size=18pt][b]Android Trojan Targets Cuba[/b][/size]

Cuba has been described as the least connected country in the Western Hemisphere. With trade embargoes limiting the import of new technologies and tight restrictions controlling the usage of the Internet, Cuba nonetheless shares one in common Internet trait with other countries: It is not immune to malware.

McAfee Mobile Research has identified a new mobile Trojan embedded into copies of a popular underground app in Cuba called EstecsaDroyd, which is an unauthorized  copy of the telephone directory from the Cuban phone company ETECSA. The directory contains the names, identity card number, and even the home address of each subscriber. Although this information should be protected from public use, every year a new updated version is released.

[img width=240 height=240]http://blogs.mcafee.com/wp-content/uploads/Screen1and2.png[/img]

After installation, the Trojan silently takes over priority handling for any incoming SMS messages and waits to be remotely activated. On receiving the word cola, the Trojan looks for all MP3 files on the SD card and overwrites them with a sound file.

[img width=240 height=240]http://blogs.mcafee.com/wp-content/uploads/BeforeAfter2.png[/img]

Although at first it may seem that the destructive nature of this Trojan is its sole purpose, there is more at work than meets the eye. The Trojan is coded to take the last remaining audio file and replace the content of the file with an encrypted list of contacts retrieved from the infected device. We believe that this is the true intention of the attacker.

What remains a mystery is the absence of a retrieval method for the encrypted contact info. The Trojan on its own cannot transmit any of the stolen contact info over the wire, which leads us to speculate on the possibility of a second app that may be assisting with transmitting the data–possibly under the guise of recovering the damaged audio files.

McAfee Mobile detects this Trojan as Android/Cola.

[url=http://blogs.mcafee.com/mcafee-labs/android-trojan-discovered-targeting-cuba][i][b]Original article: [/b]By Irfan Asrar on Apr 02, 2014[/i][/url]
[/quote]

Attachments and other options

Return to this topic.
Don't use smileys.

Verification:

Type the letters shown in the picture

Listen to the letters / Request another image

Type the letters shown in the picture:

Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

shortcuts: hit alt+s to submit/post or alt+p to preview

Topic Summary

Posted by: Samker

« on: 04. April 2014., 20:45:27 »

Insert Quote

Here is one interesting story, little bit related to yours - "Why The U.S. Government's Fake 'Cuban Twitter' Service Failed": http://www.forbes.com/sites/parmyolson/2014/04/03/why-the-u-s-governments-fake-cuban-twitter-service-failed/

Quote

"A more fundamental failure hit ZunZuneo, a social-change project in Cuba that the U.S. Agency for International Development (USAID) quietly created in 2009. The so-called “Cuban Twitter” shut down three years later when it failed to survive without state funding, and started getting blocked by the Cuban government.

The fake service allowed Cubans to send texts freely and anonymously to one another. USAID’s goal, according to the Associated Press, which cites government documents about the project, was to surreptitiously incite “smart mobs,” or spontaneous political rallies against Fidel Castro’s restrictive government."

Posted by: Pez

« on: 03. April 2014., 22:27:52 »

Insert Quote

Android Trojan Targets Cuba

Cuba has been described as the least connected country in the Western Hemisphere. With trade embargoes limiting the import of new technologies and tight restrictions controlling the usage of the Internet, Cuba nonetheless shares one in common Internet trait with other countries: It is not immune to malware.

McAfee Mobile Research has identified a new mobile Trojan embedded into copies of a popular underground app in Cuba called EstecsaDroyd, which is an unauthorized copy of the telephone directory from the Cuban phone company ETECSA. The directory contains the names, identity card number, and even the home address of each subscriber. Although this information should be protected from public use, every year a new updated version is released.

After installation, the Trojan silently takes over priority handling for any incoming SMS messages and waits to be remotely activated. On receiving the word cola, the Trojan looks for all MP3 files on the SD card and overwrites them with a sound file.

Although at first it may seem that the destructive nature of this Trojan is its sole purpose, there is more at work than meets the eye. The Trojan is coded to take the last remaining audio file and replace the content of the file with an encrypted list of contacts retrieved from the infected device. We believe that this is the true intention of the attacker.

What remains a mystery is the absence of a retrieval method for the encrypted contact info. The Trojan on its own cannot transmit any of the stolen contact info over the wire, which leads us to speculate on the possibility of a second app that may be assisting with transmitting the data–possibly under the guise of recovering the damaged audio files.

McAfee Mobile detects this Trojan as Android/Cola.

Original article: By Irfan Asrar on Apr 02, 2014

Terms of Use | Privacy Policy | Advertising

SMF | SMF © 2019, Simple Machines
TinyPortal © 2005-2012
XHTML
RSS
WAP2