
Trojan in Pirated Assassin's Creed App

Internet security firm Zscaler said the malware targets users of devices running Google's Android.

The malware in question will install a pirated version of the Assassin's Creed game that functions normally, making the end user oblivious to the malicious activities it performs in the background.

The malicious application is capable of sending multi-part text messages, harvesting text messages from a victim's device, and sending stolen information to a remote Command & Control (C2) server. We were able to locate phone numbers belonging to Russian bank "Volga-Vyatka Bank of Sberbank of Russia" in the malicious application code for which SMS messages are being intercepted to steal sensitive information. 
Another interesting feature we saw is the usage of AES encryption for all the C2 communication. It also harvests the mobile number and Subscriber ID information from the victim device for tracking purposes.
Application information:
 Permissions:
android.permission.ACCESS_NETWORK_STATE
android.permission.GET_ACCOUNTS
android.permission.INTERNET
android.permission.PROCESS_OUTGOING_CALLS
android.permission.READ_EXTERNAL_STORAGE
android.permission.READ_PHONE_STATE
android.permission.READ_SMS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.WAKE_LOCK
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WRITE_SMS
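The permission set above is itself a useful triage signal: an app that can receive and read SMS, send SMS, reach the network and restart at boot has every capability an SMS-stealing banking trojan needs, whatever its icon says. The script below is an added example (not Zscaler's code and not taken from the sample) that parses an AndroidManifest.xml, extracts the permissions and broadcast receivers, and scores the combination. The embedded manifest is constructed for the example: its `<uses-permission>` lines reproduce the list reported above, while the `<receiver>` declarations (a maximum-priority `SMS_RECEIVED` receiver and a `BOOT_COMPLETED` receiver) are assumed, since the report does not show the manifest; the package name is likewise invented.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Capability groups relevant to an SMS-stealing trojan.
SMS_READ = {P + "RECEIVE_SMS", P + "READ_SMS"}
SMS_SEND = {P + "SEND_SMS"}
NETWORK = {P + "INTERNET"}
BOOT = {P + "RECEIVE_BOOT_COMPLETED"}
IDENTITY = {P + "READ_PHONE_STATE"}
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Constructed manifest for this example. The <uses-permission> lines reproduce the
# permission list reported for the sample; the <receiver> blocks and the package
# name are assumed for illustration and are not taken from the report.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.pirated.game">
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_SMS"/>
  <application android:label="Game">
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def parse_manifest(xml_text):
    """Return (permissions, receivers); receivers is a list of (actions, priority)."""
    root = ET.fromstring(xml_text.strip())
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    receivers = []
    for rcv in root.iter("receiver"):
        for flt in rcv.iter("intent-filter"):
            actions = {a.get(ANDROID + "name") for a in flt.iter("action")}
            priority = int(flt.get(ANDROID + "priority", "0"))
            receivers.append((actions, priority))
    return perms, receivers


def triage(perms, receivers):
    """Map raw manifest facts to behavioural indicators."""
    findings = set()
    if SMS_READ <= perms and NETWORK <= perms:
        findings.add("sms-harvest-with-network-exfil")
    if SMS_SEND <= perms:
        findings.add("can-send-sms")
    if BOOT <= perms:
        findings.add("boot-persistence")
    if IDENTITY <= perms:  # IMEI/IMSI/phone number, used here for victim tracking
        findings.add("reads-phone-identity")
    for actions, priority in receivers:
        # A high-priority SMS_RECEIVED receiver sees incoming texts before the
        # messaging app and, on older Android, can abort the ordered broadcast so
        # the victim never sees the bank's message.
        if SMS_RECEIVED in actions and priority > 0:
            findings.add("high-priority-sms-receiver")
    return findings


def verdict(findings):
    if "sms-harvest-with-network-exfil" in findings and (
        "can-send-sms" in findings or "high-priority-sms-receiver" in findings
    ):
        return "likely SMS stealer"
    if "sms-harvest-with-network-exfil" in findings:
        return "suspicious"
    return "no SMS-theft indicators"


def analyze(xml_text):
    perms, receivers = parse_manifest(xml_text)
    findings = triage(perms, receivers)
    return {"permissions": perms, "findings": findings, "verdict": verdict(findings)}


if __name__ == "__main__":
    result = analyze(SAMPLE_MANIFEST)
    print(result["verdict"])
    for f in sorted(result["findings"]):
        print(" -", f)
```

On a real APK the manifest is binary XML; decode it first with apktool or aapt (`aapt dump xmltree app.apk AndroidManifest.xml`) and feed the decoded text to `analyze`. A game has no legitimate reason to request `RECEIVE_SMS`, `READ_SMS` and `SEND_SMS` together, so the "likely SMS stealer" verdict is a strong lead for deeper static analysis of the receiver classes and of the code handling the C2 traffic.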


Zscaler also described how the trojan hides itself once installed: "Upon installation, the user will see the game icon on the screen, that disappears shortly thereafter with the malicious process still running in the background," it said. The malicious app harvests sensitive information and sends it to the remote server at a regular interval.

Recommendation:

Cybercriminals often lure users with pirated versions of popular paid mobile applications that have been Trojanized to steal sensitive information. It is strongly recommended that users stay away from such offers and download mobile apps only from trusted sources such as the Google Play store.

blogmytuts. Powered by Blogger.