Security researchers at DoctorWeb have disclosed that malware known as Android.Xiny.19.origin has infected dozens of applications available in Google Play.
At first sight, the applications show no signs of having been infected, due to the fact that once an application has been downloaded, it is not simply an empty shell containing the malware, but a veritable game. However, as soon as the victim opens the application, a Trojan horse executes the malware and infects the telephone.
Android.Xiny then connects to a command and control (C&C) server to supply the hacker with many items of information relating to the telephone, including the following in particular:
- IMEI number (a unique code which identifies the telephone)
- MAC address
- The language and version of the operating system
- The name of the operator
All this contextual information enables the hacker, using one of the functionalities of the malware, to install (or un-install) any application on the phone (e.g. an exploit kit to take advantage of vulnerabilities linked to an identified version of the Android system). All the data held in the telephone or on the memory card can thus be exfiltrated to the C&C server.
An ingenious concealment technique
The hacker who originated the malware used techniques taken from steganography (the art of the secret concealment of information) to hide the malware within an image and thus make detection difficult for anti-virus software. In addition, the malware has the ability to download multiple applications whose appearance and computer code leave no doubt as to their malicious intent, in order to deceive the virus protection and thus melt away in the mass of applications. The user himself will prioritise the removal of applications which he considers to be dangerous, paying no attention to a simple game.
This case is yet another example that demonstrates the hacking community’s growing interest in these devices, which are increasingly on-line and contain as much sensitive personal (or professional) information as “traditional” devices such as computers.
A growing area for attack
Hackers have found a playground that never ceases to expand: in the course of 2015, 341.5 million smartphones were sold around the world. Considering the fact that 90% of those smartphones run under Android and are permanently connected to the Internet, the information held on these devices is subject to increasing risks with each day that passes.