Ever-Evolving Trojan Infects Android Systems


The Trojan known as Android.Xiny continues to evolve. In its most recent iteration, Xiny has gained the ability to infect a core Android system process, which facilitates and hides its malicious behavior and makes uninstallation many times more difficult.

The first versions of Android.Xiny appeared in March 2015, and, like all malware in its early days, these versions were trivial to detect and had minimal features.

But Xiny evolved, and in January 2016 security researchers reported new stealth features that allowed the Trojan to pass Google’s security scans and make its way into the Play Store, disguised inside 60 apps.

At that point in time, the Trojan relied on tricking users into granting those apps root privileges in order to function. Once users granted Xiny admin rights, the Trojan would show ads, install other apps, or steal data from the device and hide it inside PNG images via a technique called steganography.

Xiny doesn’t ask users for admin rights anymore. It takes them by force

Dr. Web, a Russian security firm, says recent versions of this Trojan don’t bother asking users for admin privileges but come with an exploit package that gets these rights by rooting the device.

The security vendor says these versions haven’t yet been spotted in apps distributed in the wild and appear to be a test version that the crooks are still working on.

But rooting the device is not the most dangerous function. Researchers also say Android.Xiny installs rogue modules inside Android system directories, which it then uses to infect Zygote, one of Android’s core processes.

Android.Xiny hijacks Android’s Zygote process

With control over Zygote, Xiny then injects its own packages into other applications. For example, researchers say they’ve found functionality in Xiny’s code to infect the Google Play app, which it uses to install other apps on the system without the user’s consent.

Further, Xiny can also inject itself into the processes of IM chat applications and intercept or send messages. The Trojan also targets banking and other financial apps and uses its root privileges to show a fake login page and collect user credentials.

Android.Xiny is not the first Android Trojan to infect Android’s Zygote process. In February, anti-virus experts at Dr. Web also discovered Android.Loki, which behaves in a similar way, rooting the device and infecting Zygote to install unwanted apps on the user’s device for the crooks’ monetary gain.
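Because both Xiny and Loki drop their modules into system directories before loading them into Zygote, a defender cannot rely on "is the library under /system?" as a sanity check. The script below is an added example, not code from the article or from Dr. Web: it parses a `/proc/<pid>/maps` style dump of a zygote process and compares the file-backed code modules it finds against an allowlist captured from a clean device of the same build, additionally flagging any file mapping that is both writable and executable. The maps dump, the baseline set and the rogue library name `libinjected_example.so` are all constructed placeholders for illustration.

```python
"""Baseline audit of the code modules mapped into an Android zygote process.

Added example (not from the article or Dr. Web). Input is the text of
/proc/<pid>/maps for a zygote process; the baseline is the set of module
paths seen on a known-clean device running the same build.
"""
from dataclasses import dataclass, field
import re

# One /proc/<pid>/maps line: address range, perms, offset, dev, inode, [path]
_MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>\S+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)

# File types the Android runtime loads as code (native libs and dex/oat artifacts)
_CODE_SUFFIXES = (".so", ".jar", ".apk", ".dex", ".odex", ".oat", ".vdex", ".art")

# Constructed sample maps dump of a zygote64 process (not real device output).
# The rwxp mapping of libinjected_example.so is the planted anomaly.
SAMPLE_MAPS = """\
7f8a1c000000-7f8a1c0a0000 r-xp 00000000 fd:00 1234   /system/lib64/libc.so
7f8a1c0a0000-7f8a1c0b0000 r--p 000a0000 fd:00 1234   /system/lib64/libc.so
7f8a1d000000-7f8a1d020000 r-xp 00000000 fd:00 1235   /system/lib64/libandroid_runtime.so
7f8a1e000000-7f8a1e008000 rwxp 00000000 fd:00 9999   /system/lib64/libinjected_example.so
7f8a1f000000-7f8a1f100000 r-xp 00000000 fd:00 1240   /system/framework/framework.jar
7f8a20000000-7f8a20021000 rw-p 00000000 00:00 0      [anon:libc_malloc]
7f8a21000000-7f8a21010000 rw-p 00000000 00:00 0
"""

# Constructed allowlist, as captured from a clean device of the same build.
CLEAN_BASELINE = {
    "/system/lib64/libc.so",
    "/system/lib64/libandroid_runtime.so",
    "/system/framework/framework.jar",
}


@dataclass
class Finding:
    path: str
    reason: str


@dataclass
class AuditResult:
    mapped_modules: set = field(default_factory=set)
    findings: list = field(default_factory=list)


def parse_maps(maps_text):
    """Yield (perms, path) for every file-backed mapping in a maps dump."""
    for line in maps_text.splitlines():
        m = _MAPS_LINE.match(line.strip())
        if not m:
            continue
        path = m.group("path").strip()
        if not path.startswith("/"):
            continue  # anonymous mappings, [stack], [heap], [anon:...]
        yield m.group("perms"), path


def is_code_module(path):
    return path.endswith(_CODE_SUFFIXES)


def audit_zygote_maps(maps_text, baseline):
    """Compare mapped code modules against the baseline; return an AuditResult."""
    result = AuditResult()
    flagged_rwx = set()
    for perms, path in parse_maps(maps_text):
        if not is_code_module(path):
            continue
        result.mapped_modules.add(path)
        # The linker never maps a legitimately loaded library writable+executable,
        # so such a mapping deserves a look no matter which directory it lives in.
        if "w" in perms and "x" in perms and path not in flagged_rwx:
            flagged_rwx.add(path)
            result.findings.append(Finding(path, f"writable+executable mapping ({perms})"))
    # Anything loaded into zygote that the clean build never loads is suspect,
    # even when its path is inside /system.
    for path in sorted(result.mapped_modules - set(baseline)):
        result.findings.append(Finding(path, "not in clean-build baseline"))
    return result


if __name__ == "__main__":
    for finding in audit_zygote_maps(SAMPLE_MAPS, CLEAN_BASELINE).findings:
        print(f"{finding.path}: {finding.reason}")
```

Zygote forks every app process, so a module present in its address space is inherited by every app launched afterwards; that is why a baseline diff on this one process is a cheap way to notice the kind of injection the article describes. The baseline must come from the same firmware build, since legitimate module sets differ between builds.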
