New malware turns Android devices into zombies
Users of devices running Google's Android operating system, especially rooted ones, have been warned against installing some Android apps that may turn their phones or tablets into zombies.
Security vendor Trend Micro said the library file in such apps, detected as ANDROIDOS_BOTPANDA.A, will connect to command-and-control (C&C) servers.
"(W)hen executed, (the library file in the app) renders the infected device as a zombie device that connects to specific command and control (C&C) servers. What is also noteworthy about this file is that it hides its routines in the dynamic library, making it difficult to analyze," it said.
"This malware also runs specifically on rooted devices, thus it is likely that this may spread through third-party app stores," it added.
It said ANDROIDOS_BOTPANDA.A is another reason why users should be cautious in downloading apps, specifically those from third-party app stores.
Trend Micro said the malicious library "libvadgo" contained in ANDROIDOS_BOTPANDA.A was developed via NDK and loaded using Java Native Interface.
NDK is a toolset used by would-be Android developers in creating apps.
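Because the routines sit in a native library rather than in the app's Java code, a first triage step for a suspect APK is to list the native code it bundles. The Python script below is an added example, not code from Trend Micro or the original article; it assumes the library appears on disk as `libvadgo.so`, and the sample APK it builds is constructed and contains no real malware.

```python
import io
import zipfile

ELF_MAGIC = b"\x7fELF"
# Library name reported in the article; the on-disk file name is an assumption.
WATCHLIST = {"libvadgo.so"}

def triage_apk(apk_bytes):
    """Report native (ELF) files in an APK and whether its DEX code loads native libraries."""
    report = {"native_libs": [], "watchlist_hits": [], "dex_loads_native": False}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            name = info.filename
            base = name.rsplit("/", 1)[-1]
            if name.endswith(".dex"):
                # Method names are stored in the DEX string pool, so a byte
                # search for "loadLibrary" is enough for a first pass.
                if b"loadLibrary" in apk.read(name):
                    report["dex_loads_native"] = True
                continue
            with apk.open(name) as fh:
                head = fh.read(4)
            if head == ELF_MAGIC:
                # Identify by content, so ELF files parked outside lib/<abi>/
                # or given another extension are still listed.
                report["native_libs"].append(name)
                if base in WATCHLIST:
                    report["watchlist_hits"].append(name)
    return report

def build_sample_apk():
    """Constructed sample: a minimal zip laid out like an APK (placeholder bytes only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00\x0bloadLibrary\x00\x05vadgo\x00")
        z.writestr("lib/armeabi/libvadgo.so", ELF_MAGIC + b"\x01\x01\x01" + b"\x00" * 9)
        z.writestr("assets/data.bin", ELF_MAGIC + b"\x00" * 12)  # ELF outside lib/
        z.writestr("res/raw/readme.txt", b"hello")
    return buf.getvalue()

if __name__ == "__main__":
    for key, value in triage_apk(build_sample_apk()).items():
        print(f"{key}: {value}")
```

A hit only tells an analyst which files to pull for native-code review; many legitimate apps ship NDK libraries.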
Citing its analysis, Trend Micro said the malware checks for certain system files and replaces them to avoid detection.
It also makes modifications such that the malware can be launched automatically.
But Trend Micro said the C&C servers the malware referred to were already down during its analysis. "Thus we cannot confirm the exact commands that it performs on the infected device," it said.
What makes the malware dangerous is that it hides its malicious routines in the said dynamic library, making it hard to analyze, Trend Micro said.
"It also kills certain processes, hooks important system commands, and replaces files to make detection and removal solutions difficult. If more Android malware use this technique in the future, delivering analysis and solutions will prove to be challenging for security experts," it warned. — TJD, GMA News