HackRead

New Android Malware Stealing Data from Popular Messenger Apps

April 3rd, 2018, by Waqas. Categories: Security, Android, Malware

Almost all instant messaging platforms, including Facebook, Twitter, Skype, Line, and Viber, are targeted by the malware.

Researchers at cyber-security firm Trustlook Labs have identified a new Android Trojan that steals data from all mainstream instant messaging apps for mobile. The list of targeted apps is below:

Twitter
Skype
Viber
Weibo
Line
Coco
BeeTalk
Tencent WeChat
Gruveo Magic Call
Telegram Messenger
Facebook Messenger
Voxer Walkie-Talkie Messenger
TalkBox Voice Messenger
Momo

According to the researchers’ blog post, the malware can effectively hide its configuration file and some of its modules to evade detection. In their report, which was published on Monday, the researchers noted that this malware is not as sophisticated as those discovered previously and has limited capabilities.

Its main task is to collect sensitive user data from instant messaging apps and IM clients. Once the malware successfully infects an app, it modifies the “/system/etc/install-recovery.sh” file. After this, it enables the file to be executed every time the infected app is opened.


The Trojan uses anti-emulator and debugger detection methods to evade dynamic analysis and to hide its strings. It also stores some of its modules in its Assets folder, with all modules in encrypted form. For some modules, such as “sx”, “sy”, “coso”, and “dmnso”, the malware uses the first byte of the module as the XOR key for decrypting the data.

For instance, the original “coso” module in the Assets folder is converted into an ELF module after decryption. Information about the malware’s C&C server and other properties is stored in the configuration file. The malware accesses this file whenever it has to communicate with the attacker. The stolen data is transferred to a remote server.
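For analysts triaging an APK's Assets folder, the first-byte XOR scheme described above can be checked with a short script. This is an added example, not code from Trustlook or from the malware. It assumes the first byte is a key prefix and the remaining bytes are the encoded payload, which the report summary does not spell out, and the sample bytes are constructed.

```python
import struct

ELF_MAGIC = b"\x7fELF"
MACHINES = {3: "x86", 40: "ARM", 62: "x86-64", 183: "AArch64"}  # e_machine values


def xor_decode_first_byte(blob: bytes) -> bytes:
    """Assumed layout: blob[0] is the XOR key, blob[1:] is the encoded payload."""
    if len(blob) < 2:
        return b""
    key = blob[0]
    return bytes(b ^ key for b in blob[1:])


def describe_elf(data: bytes):
    """Return (bits, machine) if data starts with a sane ELF header, else None."""
    if len(data) < 20 or data[:4] != ELF_MAGIC:
        return None
    bits = {1: 32, 2: 64}.get(data[4])          # EI_CLASS
    endian = {1: "<", 2: ">"}.get(data[5])      # EI_DATA
    if bits is None or endian is None:
        return None
    (machine,) = struct.unpack_from(endian + "H", data, 18)  # e_machine
    return bits, MACHINES.get(machine, f"machine {machine}")


def triage_assets(assets: dict) -> dict:
    """Map asset name -> (bits, machine) for assets that decode to an ELF."""
    hits = {}
    for name, blob in assets.items():
        if blob[:4] == ELF_MAGIC:
            continue  # plain ELF on disk, nothing is being hidden
        info = describe_elf(xor_decode_first_byte(blob))
        if info:
            hits[name] = info
    return hits


# Constructed samples: a 20-byte 32-bit little-endian ARM ELF header stub,
# XOR-encoded with key 0x5A, and an unrelated PNG-like asset.
_stub = ELF_MAGIC + bytes([1, 1, 1, 0]) + bytes(8) + struct.pack("<HH", 3, 40)
SAMPLES = {
    "coso": bytes([0x5A]) + bytes(b ^ 0x5A for b in _stub),
    "logo.png": b"\x89PNG\r\n\x1a\n" + bytes(16),
}

if __name__ == "__main__":
    for name, (bits, machine) in triage_assets(SAMPLES).items():
        print(f"{name}: XOR-encoded ELF, {bits}-bit {machine}")
```

An asset that has no recognisable file type on disk but decodes to an ELF header under a single-byte key is a strong signal that native code is being hidden from static scanners.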

The malware has a very simple and straightforward design with a one-directional attack approach. However, the evasion techniques it adopts are fairly advanced, which makes it difficult for anti-virus software to detect.

Given the singular objective of this Android Trojan, which is to steal data, it becomes apparent that the malware’s controllers need to collect sensitive data exchanged during private conversations. This may include images and videos too, as such data can be used for extortion.

The malware’s distribution method is as yet unknown to the researchers. According to Trustlook Labs, the malware was discovered in Cloud Module, a Chinese app, and the package that contained the malware was identified as com.android.boxa.

It is also possible that third-party app stores are responsible for spreading the infected app. Android users are therefore advised to avoid downloading third-party apps, scan the device regularly with an anti-malware tool, and keep the operating system updated.


HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.