IRC bot for Android

Status
Not open for further replies.

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Kaspersky said:
Not so long ago we found a very interesting piece of malware for Android. Unfortunately, it is not clear how it was spread, but in any case it’s worth mentioning. The malicious application displays itself as the ‘MADDEN NFL 12’ game after installation.

The file size is over 5 MB, and it is actually a Trojan that drops a set of malware components onto the system: a root exploit, an SMS Trojan and an IRC bot. The .class file "AndroidBotAcitivity" provides this dropper functionality. It creates a ‘/data/data/com.android.bot/files’ directory and sets ‘777’ permissions on it (read/write/execute for all users). After that it extracts three files - ‘header01.png’ (root exploit), ‘footer01.png’ (IRC bot), ‘border01.png’ (SMS Trojan) - into this directory. Then it sets ‘777’ permissions on the root exploit file and executes it. Finally, it displays the text ‘(0x14) Error - Not registred application’ on the screen.

If the exploit is executed successfully and the device is rooted, it launches the IRC bot ‘footer01.png’.

Read more ...
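
The dropper described in the quoted write-up hides its payloads behind `.png` file names. As an added example (not part of this thread or of Kaspersky's analysis), the following check lists APK entries that claim to be PNG images but do not start with the PNG signature. The sample archive, its `assets/` paths and the stub file contents are constructed for the demonstration; the page does not state the real payload formats.

```python
import io
import zipfile

# Leading magic bytes of the formats this check distinguishes.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
KNOWN_MAGIC = {
    b"\x7fELF": "ELF executable",
    b"dex\n": "Dalvik DEX",
    b"PK\x03\x04": "ZIP/APK/JAR archive",
}

def find_disguised_pngs(apk_bytes):
    """Return [(entry_name, detected_type)] for .png entries that are not PNGs."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir() or not info.filename.lower().endswith(".png"):
                continue
            with apk.open(info) as fh:
                head = fh.read(8)  # the PNG signature is 8 bytes long
            if head.startswith(PNG_MAGIC):
                continue
            detected = next((label for magic, label in KNOWN_MAGIC.items()
                             if head.startswith(magic)), "unknown (not PNG)")
            findings.append((info.filename, detected))
    return findings

def build_sample_apk():
    """Constructed archive: one genuine PNG header and three mislabelled stubs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("res/drawable/icon.png", PNG_MAGIC + b"\x00" * 16)
        # File names come from the write-up; paths and contents are assumptions.
        z.writestr("assets/header01.png", b"\x7fELF" + b"\x00" * 16)
        z.writestr("assets/footer01.png", b"\x7fELF" + b"\x00" * 16)
        z.writestr("assets/border01.png", b"PK\x03\x04" + b"\x00" * 16)
    return buf.getvalue()

if __name__ == "__main__":
    for name, kind in find_disguised_pngs(build_sample_apk()):
        print(f"{name}: {kind}")
```

A mismatch between extension and signature is a triage signal rather than proof of malice, so flagged entries still need manual review.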
 

McLovin

Level 78
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,228
I haven't come across this; if I do, I hope that Avast will pick it up.
 

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
McLovin said:
I haven't come across this; if I do, I hope that Avast will pick it up.
It's even easier to prevent an infection: just do some research before installing any app (user reviews, what permissions it asks for, and so on).
Cyber criminals love to use known brands, like 'MADDEN NFL 12' in this case, and put the word 'FREE' next to them in capital letters.
A little common sense should tell you that EA would never give it away for free.
Any Android user should know that he'll never be able to play NFS, FIFA, NBA or any other well-known game on Android for FREE, and when an app says otherwise he should do some extended research! Come on people, EA, Activision and the other corporations aren't doing it for the fun... but for $!
The root method used by this malicious app (Gingerbreak) has been patched for quite some time now, so most devices are left unaffected by the root attempt, but like I've said, an even simpler way to prevent it is to do some basic research before installing any app!
 

Tom172

Level 1
Feb 11, 2011
1,009
Absolutely Jack.


Avoiding malicious Android apps

Android apps with unwanted malicious behavior are becoming more prevalent on the Android Market. Here are some tips to help you identify and avoid these apps.

1. Know the publisher: Knowing the publisher of the app you're looking for will help you identify if that app is real or not. An app from an unusual publisher is an indication that you should avoid it.
2. Take note of ratings and reviews: User feedback in the Android Market is a great way to assess the legitimacy of an app. The number of ratings can also be an indicator. If a popular app has few ratings, it's probably not the real thing.
3. Research using different sources: Gathering information from multiple sources and getting more than one opinion will help you make an informed decision on whether you want to install something or not. This is especially important as malware authors will often submit false reviews and ratings in an attempt to trick the user into downloading.

The Antivirus should be your last line of defense.
 