Jan 24, 2013

Android Trojan Responsible for China’s Largest Botnet Is Based on Backscript Malware

Earlier this month, we learned that a piece of malware called Android.Troj.mdk (MDK) was responsible for the largest mobile botnet China had ever seen, with over 1 million devices being infected. Experts from Symantec say that MDK is actually a new version of an older threat, Android.Backscript.

Researchers have found that the code of the two threats is very similar and that both use the same certificate to sign APKs. The main difference is that the new variant uses the Advanced Encryption Standard (AES) to encrypt data. After it’s installed on a smartphone, the Trojan collects user information, downloads additional malware, and generates adware. It also allows its master to remotely control the infected device.

Initial reports revealed that the Trojan was hidden in around 7,000 Android apps. However, Symantec says it has been able to identify over 11,000 malicious applications. For the time being, the malware has been served only on Chinese app markets.

[Image: Servers and commands contained in encrypted file. Image credits to Symantec]
