Ever-Evolving Trojan Infects Core Android System Process


The Trojan known as Android.Xiny continues to evolve. In its most recent iteration, Xiny has gained the ability to infect a core Android system process, which both facilitates and hides its malicious behavior and makes uninstallation many times more difficult.

The first versions of Android.Xiny appeared in March 2015, and, like most malware in its early stages, these versions were trivial to detect and had minimal features.

But Xiny evolved, and in January 2016 security researchers reported new stealth features that allowed the Trojan to pass Google’s security scans and make its way into the Play Store, disguised inside 60 apps.

At that point in time, the Trojan relied on tricking users into granting those apps root privileges in order to function. Once users granted Xiny admin rights, the Trojan would show ads, install other apps, or steal data from the device and hide it inside PNG images via a technique called steganography.

Xiny doesn’t ask users for admin rights anymore; it takes them by force

Dr. Web, a Russian security firm, says recent versions of this Trojan no longer bother asking users for admin privileges but instead come with an exploit package that obtains these rights by rooting the device.

The security vendor says these versions haven’t been spotted in live, distributed apps, but appear to be a test version on which the crooks are still working.

But rooting the device is not the most dangerous function. Researchers also say Android.Xiny installs rogue modules inside Android system directories, which it then uses to infect Zygote, one of Android’s core processes.

Android.Xiny hijacks Android’s Zygote process

With control over Zygote, Xiny can inject its packages into other applications. For example, researchers say they’ve found functionality in Xiny’s code to infect the Google Play app, which it uses to install other apps on the system without the user’s consent.

Further, Xiny can also inject into the processes of IM chat applications and intercept or send messages. The Trojan also targets banking and other financial apps, using its root privileges to show a fake login page and collect user credentials.
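Because every app process on Android is forked from Zygote, a native library that has been loaded into Zygote ends up mapped into every app started afterwards, which is what makes the injection described above so effective. One defender-side check that follows from this is to read Zygote’s memory map and flag any shared object that is either outside the directories where Android’s own native code normally lives or, since the article notes that Xiny drops its modules into system directories, inside those directories but absent from a known-good baseline. The script below is an added example and not code from the article or from Dr. Web; the `/proc/<pid>/maps` sample, the trusted-directory allowlist, the baseline set and the library names are all constructed for illustration and are not Xiny indicators.

```python
"""Flag shared objects mapped into the Zygote process that are not expected.

Input is the text of /proc/<pid>/maps (format: address perms offset dev inode
pathname).  Everything below is constructed for this example; the allowlist
and baseline are assumptions and would be captured from a clean device.
"""

# Assumption: directories where Android's own native code normally lives.
TRUSTED_PREFIXES = (
    "/system/lib/", "/system/lib64/", "/system/framework/",
    "/vendor/lib/", "/vendor/lib64/", "/apex/",
)

# Assumption: libraries a clean device of this build maps into Zygote,
# recorded once from a known-good device (constructed values).
BASELINE = {
    "/system/lib64/libc.so",
    "/system/lib64/libandroid_runtime.so",
}


def parse_maps(text):
    """Yield the backing pathname of every file-backed mapping."""
    for line in text.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 6:
            continue  # anonymous mapping: no pathname column
        path = parts[5].strip()
        if path.startswith("["):
            continue  # pseudo-paths such as [heap], [stack], [vectors]
        yield path


def suspicious_libraries(maps_text, baseline=BASELINE, trusted=TRUSTED_PREFIXES):
    """Return sorted unique .so paths that are either outside the trusted
    directories or inside them but missing from the clean-device baseline."""
    flagged = set()
    for path in parse_maps(maps_text):
        if not path.endswith(".so"):
            continue  # .oat/.art/.apk and executables are out of scope here
        if not path.startswith(trusted):
            flagged.add(path)        # native code loaded from an odd location
        elif path not in baseline:
            flagged.add(path)        # system directory, but not a known library
    return sorted(flagged)


# Constructed /proc/<pid>/maps excerpt; the last two .so entries are the
# planted anomalies.  Addresses and inode numbers are made up.
SAMPLE_MAPS = """\
7f3a1000-7f3a2000 r-xp 00000000 fd:00 1234 /system/lib64/libc.so
7f3a2000-7f3a3000 r--p 00001000 fd:00 1234 /system/lib64/libc.so
7f3a4000-7f3a9000 r-xp 00000000 fd:00 1300 /system/lib64/libandroid_runtime.so
7f3b0000-7f3b5000 r-xp 00000000 fd:00 2200 /system/framework/arm64/boot.oat
7f3c0000-7f3c1000 rw-p 00000000 00:00 0
7f3d0000-7f3d2000 r-xp 00000000 fd:00 9999 /data/local/tmp/libinject.so
7f3d5000-7f3d7000 r-xp 00000000 fd:00 9100 /system/lib64/libunexpected_example.so
7f3e0000-7f3e1000 r-xp 00000000 fd:00 9001 /system/bin/app_process64
ffff0000-ffff1000 r-xp 00000000 00:00 0 [vectors]
"""

if __name__ == "__main__":
    for lib in suspicious_libraries(SAMPLE_MAPS):
        print("unexpected library in zygote:", lib)
```

On a real device the input would be pulled with something like `adb shell cat /proc/$(pidof zygote)/maps` (assuming a shell that provides `pidof`, which recent Android builds do) and the baseline recorded from a device known to be clean. The two checks are deliberately independent: the path allowlist catches code loaded from writable locations, while the baseline comparison is what catches the case this article describes, a module planted inside a system directory that path-based rules alone would trust.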

Android.Xiny is not the first Android Trojan to infect Android’s Zygote process. In February, anti-virus experts at Dr. Web also discovered Android.Loki, which behaves in a similar way, rooting the device and infecting Zygote to install unwanted apps on the user’s device for the crooks’ monetary gain.
