
Trojanized Security Tool Serves as Backdoor App

  • Posted on: March 10, 2011 at 1:30 pm
  • Posted in: Malware, Mobile
  • Author: Karl Dominguez (Threat Response Engineer)

I recently posted an entry about Trojanized applications that were found in the Android Market. About 50 repackaged versions of legitimate apps were pulled from the Android Market after being found infected with AndroidOS_LOTOOR.A. AndroidOS_LOTOOR.A steals mobile device information and gives unauthorized users root access to an infected device.

As a course of action, Google pulled the applications from the Android Market, remotely removed the Trojanized apps from users’ devices, and deployed the Android Market Security Tool, a tool that reverses the modifications done by AndroidOS_LOTOOR.A and prevents the device from sending out device information.

Of course, what came along next was a Trojanized version of the very same application that Google released to protect users from Trojanized applications. While the legitimate application prevents information theft, AndroidOS_BGSERV.A does the opposite. It acts as a backdoor application that gathers device information and sends it to a remote URL. It also keeps a log of its routines, which it then sends to the same URL, enabling the people behind it to keep track of its activities. The Trojanized application also performs functions and actions without the user’s authorization. These routines include modifying call logs, intercepting or monitoring messages, and downloading videos.


Several other new pieces of Android malware have been spotted as well, including AndroidOS_SMSREP.A, AndroidOS_FAKEP.A, and AndroidOS_FSPY.A. The increasing proliferation of Android malware clearly indicates that we have not seen the last of Trojanized apps. Users should thus continue exercising caution when downloading and installing applications.

Trend Micro offers security for Android mobile devices through Mobile Security for Android™.
