Security researchers have found a new Android malware strain that has been designed to steal data from mobile instant messaging clients.
This new trojan is quite simple in its design, researchers from cyber-security firm Trustlook said in a report published on Monday.
Trojan has only a handful of features
The trojan has only a few abilities. The first is to gain boot persistence by unpacking code from an infected app's resources. The code will attempt to modify the "/system/etc/install-recovery.sh" file, which, if successful, would allow the malware to execute with every boot.
Second, the malware can extract data from the following Android IM clients, data that it will later upload to a remote server. The malware retrieves the IP of this server from a local configuration file.
Simple features, but advanced evasion techniques
Trustlook researchers say that despite the singular focus on stealing IM data, the malware uses a few advanced evasion techniques. For example, the malware uses anti-emulator and debugger detection techniques to evade dynamic analysis, and also hides strings inside its source code to thwart lackadaisical code reversing attempts.
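A defender-side check for the boot-persistence step described above, as an added example that is not from the Trustlook report or the article. It audits a copy of "/system/etc/install-recovery.sh" pulled from a device, comparing it with a stock copy when one is available and otherwise flagging commands outside an allow-list. The allow-list, sample contents and daemon name are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Audits a copy of /system/etc/install-recovery.sh pulled from a
# device (e.g. with `adb pull`). Assumption: a stock script only calls
# applypatch and log inside plain shell control flow.

# Print "LINE_NO: text" for every line whose first word is not allow-listed.
unexpected_commands() {
    awk '
        { sub(/[#].*$/, ""); sub(/^[ \t]+/, "") }   # drop comments, indentation
        $0 == "" { next }
        $1 ~ /^(if|then|else|elif|fi|applypatch|log)$/ { next }
        { print NR ": " $0 }
    ' "$1"
}

# Verdict for a pulled copy; $2 is an optional stock copy from the firmware image.
audit_recovery_script() {
    [ -f "$1" ] || { echo "missing"; return 0; }
    if [ -n "${2:-}" ] && cmp -s "$1" "$2"; then echo "matches-stock"; return 0; fi
    if [ -n "$(unexpected_commands "$1")" ]; then
        echo "suspicious"
    else
        echo "no-unexpected-commands"
    fi
}

# Constructed samples: placeholder device paths and hashes, hypothetical daemon.
make_samples() {
    cat > "$1/stock.sh" <<'EOF'
#!/system/bin/sh
if ! applypatch -c EMMC:/dev/block/recovery:1:aaaa; then
  applypatch EMMC:/dev/block/boot EMMC:/dev/block/recovery aaaa 1 bbbb:/system/recovery-from-boot.p
else
  log -t recovery "Recovery image already installed"
fi
EOF
    cp "$1/stock.sh" "$1/tampered.sh"
    echo '/system/bin/placeholder_daemon &' >> "$1/tampered.sh"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in stock.sh tampered.sh; do
    echo "$f: $(audit_recovery_script "$demo_dir/$f" "$demo_dir/stock.sh")"
    unexpected_commands "$demo_dir/$f"
done
rm -rf "$demo_dir"
```

The allow-list only inspects the first word of each line, so comparison against a stock copy extracted from the matching firmware image is the stronger of the two checks.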