Security experts have discovered a new Trojan that targets popular instant messaging apps on Android phones. The threat can secretly infiltrate a device and steal the personal information typed during conversations.
The threat is described as simple, yet it is hard to detect and can have a severe impact on your device. It is able to hide its identity and continues to transfer all the recorded information to a remote IP address.
The following instant messaging apps were found to be targets of the threat:
- Facebook Messenger
- Telegram Messenger
- Tencent WeChat
- Walkie Talkie Messenger, etc.
These messaging apps are widely used and are therefore soft targets for the threat, which tries to steal as much data as it can worldwide.
The malware uses a sophisticated approach to its distribution so that an active anti-virus program cannot track it. To remain persistently active on the device, it alters the “/system/etc/install-recovery.sh” file and launches its program each time the device boots.
Security software cannot track it down because of its obfuscated configuration file and a chunk of its modules. Not only that, security analysts find it hard to detect through “Dynamic analysis”, as the threat uses anti-emulator and anti-debugger capabilities. They say that the threat hides its strings within the source code, and that other data, such as the C&C server address and other values, is stored in a configuration file that it uses to communicate with its authors.
The Trojan was first detected in a Chinese application named “Cloud Module”, and the package name used is “com.android.boxa”. The threat is likely to be distributed through third-party websites and other Android application websites. China does not have a Play Store, but in other countries the threat could take advantage of various platforms for its distribution.
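One way to check a device for the two indicators named above, the package “com.android.boxa” and changes to “/system/etc/install-recovery.sh”, over adb. This is an added example, not code from the researchers; it assumes adb access to the device and a known-good copy of install-recovery.sh from the device's matching factory image, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage for the two indicators named in the article.
PKG="com.android.boxa"                   # package name given in the article
HOOK="/system/etc/install-recovery.sh"   # boot script the article says is altered

# pkg_present FILE
# FILE holds `pm list packages` output (one "package:<name>" per line).
# Exact whole-line match, so "com.android.boxa.helper" does not count.
pkg_present() {
    grep -Fxq "package:$PKG" "$1"
}

# hook_added_lines BASELINE DEVICE_COPY
# Print lines that are in the device's script but not in the known-good
# copy, ignoring blank lines and comments.
hook_added_lines() {
    grep -Fxv -f "$1" "$2" | grep -Ev '^[[:space:]]*(#|$)'
}

# triage_device BASELINE
# Collect both artefacts over adb and report. Returns 1 if anything is flagged.
triage_device() {
    tmp=$(mktemp -d) || return 2
    # tr strips the CR that older adb versions append to each line.
    adb shell pm list packages | tr -d '\r' > "$tmp/pkgs"
    adb shell cat "$HOOK" | tr -d '\r' > "$tmp/hook"
    status=0
    if pkg_present "$tmp/pkgs"; then
        echo "FOUND: package $PKG is installed"
        status=1
    fi
    added=$(hook_added_lines "$1" "$tmp/hook" || true)
    if [ -n "$added" ]; then
        echo "REVIEW: lines in $HOOK that are not in the baseline:"
        echo "$added"
        status=1
    fi
    rm -rf "$tmp"
    return $status
}

# Run against a connected device when a baseline path is given:
#   sh triage.sh /path/to/known-good/install-recovery.sh
if [ -n "${1:-}" ]; then
    triage_device "$1"
fi
```

A flagged line in the boot script is a prompt for manual review, since vendors and legitimate root tools also modify this file.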
The collected data could be used for various illegitimate purposes. Data breaches are a main concern today, as the data may contain vital information such as bank account credentials, logins and passwords of saved websites, financial details, location and other private data.
Neil Haskins, the director of advisory services EMEA of IOActive, voiced caution about employees' sensitive data and the way its security is being handled. He said:
Many organizations spend time, money and resources on securing email platforms with the latest and greatest technology. They roll out email policy documents and then educate users on appropriate use of emails, forgetting that employees pass just as much info on IM, and in fact, because email is blocking them, they use IM to bypass the email controls. Such is human nature. Couple that with the fact that most people have multiple messaging apps on their laptops, tablets and mobile phones, the attack surface is huge.
Here are a few tips to keep your Android device secure and prevent your data from being tracked and misused by any third-party app or malware:
- Users should be very cautious when downloading applications from untrusted sites or third-party websites and when clicking on ad links. It is recommended to use only the Google Play store for downloading apps.
- Be careful when granting permissions to third-party apps during installation, as they can access your files, folders, photos, location and much more. Giving permission means they can collect your data, send it to their remote servers and use it for various illicit purposes.
- Configure your privacy and security settings correctly and never leave your phone open to all third-party downloads. You can do this under Settings > Security > Unknown Sources. Keep the toggle next to this setting “off”. This protects your phone from third-party downloads and sources, and you will be notified before any such attempt.
- Keep your phone locked with a strong password and avoid connecting your phone to open networks, as they can deliver infections.
- Never leave your computers, phones, laptops, tablets and other devices defenseless against threats. A strong and powerful anti-virus acts as a barrier between malicious applications and your phone. It is very important to be notified if any threat attempts to break your security and privacy.