Ever-Evolving Trojan Devices Infects Android Systems


The Trojan known as Android.Xiny continues to evolve, and in its most recent iteration, Xiny has gained the ability to infect a core Android system process that facilitates and hides its malicious behavior, making the uninstallation process many times more difficult.

The first versions of Android.Xiny appeared in March 2015, and just like all malware in its beginnings, these versions were trivial to detect and with minimal features.

But Xiny evolved, and in January 2016, security researchers were reporting about new stealth features that allowed the Trojan to pass through Google’s security scans and make its way inside the Play Store, disguised inside 60 apps.

At that particular point in time, the Trojan relied on tricking users into giving those apps root privileges in order to function. Once users granted Xiny admin rights, the Trojan would show ads, install other apps, or steal data from the device and hide it inside PNG images via a technique called steganography. 

Xiny doesn’t ask users for admin rights anymore. It takes them by force Dr. Web, a Russian security firm, says recent versions of this Trojan don’t bother asking users for admin privileges but come with an exploit package that gets these rights by rooting the device.

The security vendor says these versions haven’t been spotted in live & distributed apps, but appear to be a test version on which the crooks are still working.

But rooting the device is not the most dangerous function. Researchers also say Android.Xiny will install rogue modules inside Android system directories, which it will use to infect Zygote, one of Android’s core processes.

Android.Xiny hijacks Android’s Zygote process

With control over Zygote, Xiny then injects other packages in other applications. For example, researchers say they’ve found functionality in Xiny’s code to infect the Google Play app, which it uses to install other apps on the system, without the user’s consent.

Further, Xiny can also inject the processes of IM chat application, and intercept or send messages. The Trojan also targets banking or other financial apps and uses its root privileges to show a fake login page and collect user credentials.
Android.Xiny is not the first Android Trojan that infected Android’s Zygote process. In February, ant-virus experts at Dr. Web also discovered Android.Loki, which behaves in a similar way, by rooting the device and infecting Zygote to install unwanted apps on the user’s device, for the crook’s monetary gain.

LetsTalkNow
 

 

« Cybersecurity Start-Ups Working With GCHQ
Five Technologies Changing Our lives In Five Years »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

ID-SIRTII/CC

ID-SIRTII/CC

Security Incident Response Team for Internet Infrastructure in Indonesia.

Simula Research Laboratory

Simula Research Laboratory

Simula Research Laboratory carries out research in the fields of communication systems, scientific computing and software engineering.

MACH37

MACH37

MACH37 is a market-centric cybersecurity accelerator program designed to facilitate the creation of the next generation of cybersecurity product companies.

Zix

Zix

Zix offers secure email encryption, threat protection, archiving, DLP and BYOD security for hospitals, financial services, government, and more.

Cybersecurity Innovation Hub

Cybersecurity Innovation Hub

The main objective of the Hub is to bring cybersecurity and other advanced technologies closer to companies and as a result help to increase their performance as Industry 4.0.

Trusona

Trusona

Trusona is a pioneer and leader in passwordless two-factor authentication (2FA).

Strategic Cyber Ventures (SCV)

Strategic Cyber Ventures (SCV)

SCV grow cybersecurity companies that disrupt advanced cyber adversaries and revolutionize the cyber product marketplace.

Madrona Venture Group

Madrona Venture Group

Madrona Venture Group invests in seed and early-stage technology companies in areas including cybersecurity.

ABCsolutions

ABCsolutions

ABCsolutions is dedicated to assisting businesses and professionals achieve compliance with federal anti-money laundering regulations in an intelligent and pragmatic way.

TekSynap

TekSynap

TekSynap is a full spectrum Information Technology services provider to federal government agencies.

Novem CS

Novem CS

Novem CS are bespoke cyber security specialists providing a highly effective and specialised approach to solving your cyber security challenges.

HTX (Home Team Science & Technology Agency)

HTX (Home Team Science & Technology Agency)

HTX brings together science and engineering capabilities to transform the homeland security landscape and keep Singapore safe.

Sage IT

Sage IT

Sage IT offer a wide range of professional and consulting services to help organizations overcome the challenges of today's ever-changing business environment.

Panasonic Automotive Systems

Panasonic Automotive Systems

Panasonic Automotive Systems brings together security technologies and human resources cultivated across an extensive range of businesses into the automotive field.

Softsource vBridge

Softsource vBridge

Softsource vBridge are an ICT systems integrator providing specialist technology solutions, professional services, technical expertise and data centre services.

Neeve

Neeve

Neeve is an edge cloud platform transforming smart buildings and spaces, making them more secure, smarter, and more sustainable.