Ever-Evolving Trojan Devices Infects Android Systems

Uploaded on 2016-10-05 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-IT & Telecoms


The Trojan known as Android.Xiny continues to evolve, and in its most recent iteration, Xiny has gained the ability to infect a core Android system process that facilitates and hides its malicious behavior, making the uninstallation process many times more difficult.

The first versions of Android.Xiny appeared in March 2015, and just like all malware in its beginnings, these versions were trivial to detect and with minimal features.

But Xiny evolved, and in January 2016, security researchers were reporting about new stealth features that allowed the Trojan to pass through Google’s security scans and make its way inside the Play Store, disguised inside 60 apps.

At that particular point in time, the Trojan relied on tricking users into giving those apps root privileges in order to function. Once users granted Xiny admin rights, the Trojan would show ads, install other apps, or steal data from the device and hide it inside PNG images via a technique called steganography. 

Xiny doesn’t ask users for admin rights anymore. It takes them by force Dr. Web, a Russian security firm, says recent versions of this Trojan don’t bother asking users for admin privileges but come with an exploit package that gets these rights by rooting the device.

The security vendor says these versions haven’t been spotted in live & distributed apps, but appear to be a test version on which the crooks are still working.

But rooting the device is not the most dangerous function. Researchers also say Android.Xiny will install rogue modules inside Android system directories, which it will use to infect Zygote, one of Android’s core processes.

Android.Xiny hijacks Android’s Zygote process

With control over Zygote, Xiny then injects other packages in other applications. For example, researchers say they’ve found functionality in Xiny’s code to infect the Google Play app, which it uses to install other apps on the system, without the user’s consent.

Further, Xiny can also inject the processes of IM chat application, and intercept or send messages. The Trojan also targets banking or other financial apps and uses its root privileges to show a fake login page and collect user credentials.
Android.Xiny is not the first Android Trojan that infected Android’s Zygote process. In February, ant-virus experts at Dr. Web also discovered Android.Loki, which behaves in a similar way, by rooting the device and infecting Zygote to install unwanted apps on the user’s device, for the crook’s monetary gain.

LetsTalkNow
 

 

« Cybersecurity Start-Ups Working With GCHQ
Five Technologies Changing Our lives In Five Years »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Perforce Software

Perforce Software

Perforce helps companies build complex software products more collaboratively, securely, and efficiently.

FIDO Alliance

FIDO Alliance

FIDO Alliance is a non-profit organization formed to address the lack of interoperability among strong authentication devices.

Cyber Fusion Center - Maryville University

Cyber Fusion Center - Maryville University

Maryville University Cyber Fusion Center is a virtual lab for working on real-world cyber security challenges.

ATSEC Information Security

ATSEC Information Security

ATSEC is an independent, privately-owned company that focuses on providing laboratory and consulting services for information security.

ID Experts

ID Experts

ID Experts is a leading provider of identity protection and data breach services for companies and individuals throughout the USA.

Preempt Security

Preempt Security

The Preempt Platform delivers adaptive threat prevention that continuously preempts threats based on identity, behavior and risk.

Yelbridges

Yelbridges

Yelbridges is your reliable partner in all fields of IT-Security, from developing of Security Policies and Guidelines to the design and implementation of secure processes.

GlobalPlatform

GlobalPlatform

GlobalPlatform’s specifications are highly regarded as the international standard for enabling digital services and devices to be trusted and securely managed throughout their lifecycle.

ReconaSense

ReconaSense

ReconaSense helps protect people, assets, buildings and cities with its next-gen access control and converged physical security intelligence platform.

BlackDice Cyber

BlackDice Cyber

Threat Intelligence is only part of the solution. Our solution matches threats to vulnerabilities and automatically takes remedial action against compromised apps, devices and websites.

Matrium Technologies

Matrium Technologies

Matrium Technologies has been a leading provider of technology solutions since 1991, with a strong industry background in Network Testing, Network Visibility and Security.

HarfangLab

HarfangLab

HarfangLab develops a hunting software to boost detection and neutralization of cyberattacks against companies endpoints.

International Cyber Threat Task Force (ICTTF)

International Cyber Threat Task Force (ICTTF)

The International Cyber Threat Task Force is a not-for-profit initiative promoting the ecosystem of an International independent non-partisan cyber security community.

Tenable

Tenable

Organizations around the world rely on Tenable to help them understand and reduce cybersecurity risk across their attack surface—in the cloud or on-premises, from IT to OT and beyond.

Aikido Technology Services

Aikido Technology Services

Aikido Technology Services is a leading-edge technology solutions provider, servicing the Pacific North West USA. We offer affordable IT solutions designed to streamline and secure your business.

NETAND

NETAND

NETAND privileged access and identity management solutions will secure your business from cyber threats.