New malware for Android hacks smartphones and connects them to the botnet
Earlier this month, Professor Xuxian Jiang from the University of North Carolina discovered and described another malware for Android, known as RootSmart. In general, it operates traditionally: after infecting a smartphone, the program starts sending SMS to paid scam services, thus ruining the owner’s mobile account. But this is not the only RootSmart feature. Most of all, the professor was interested in the fact that infected devices automatically connect to the botnet.
It is worth noting that this is not the first mobile client of the botnet network. For example, back in 2010 there was such a virus as Geinimi . But the unique feature of RootSmart is the infection system of smartphones running Android 2.3. After hitting the phone, it loads the GingerBreak exploit from a remote server, which, after activation, provides the root access to the system and the ability to install additional remote administration tools without the user's permission. After that, the attacker appears complete control over the smartphone connected to the botnet.
Currently, e-infection has been detected in China, in local stores of Android applications. According to Professor Xaxian Jiang, from 10 to 30 thousand infected devices are connected daily to a botnet. It is worth noting that the application can be seen in the system. Most often it is disguised as a “Settings” section, using a similar icon. For security reasons, a specialist recommends using only trusted sources to download applications and install anti-virus software.
A source
It is worth noting that this is not the first mobile client of the botnet network. For example, back in 2010 there was such a virus as Geinimi . But the unique feature of RootSmart is the infection system of smartphones running Android 2.3. After hitting the phone, it loads the GingerBreak exploit from a remote server, which, after activation, provides the root access to the system and the ability to install additional remote administration tools without the user's permission. After that, the attacker appears complete control over the smartphone connected to the botnet.
Currently, e-infection has been detected in China, in local stores of Android applications. According to Professor Xaxian Jiang, from 10 to 30 thousand infected devices are connected daily to a botnet. It is worth noting that the application can be seen in the system. Most often it is disguised as a “Settings” section, using a similar icon. For security reasons, a specialist recommends using only trusted sources to download applications and install anti-virus software.
A source
')
Source: https://habr.com/ru/post/138207/
All Articles