Vandal Trojan for Android wipes memory cards and blocks communication

Status
Not open for further replies.

Petrovic

Apr 25, 2013
At the dawn of the home PC era, most malicious programs were designed for fun or bragging rights rather than for achieving material gain. However, virus makers gradually became more and more interested in illicit income to the point that, today, malicious programs designed for any other purpose are hard to come by. Thus, Doctor Web's security researchers were stunned to get their hands on such a rare and unusual program, one that—on top of everything else—targets Android smart phones and tablets rather than Windows PCs. Despite its academic value, the new malicious program poses a severe threat because it removes all available data from memory cards and blocks the windows of popular messenger programs, preventing users from reading inbound short messages and normal communications.

The new Android Trojan, registered in the Dr.Web virus database under the name Android.Elite.1.origin, belongs to a rare class of malicious programs, namely, vandal programs. Virus makers usually craft such applications not for profit but rather to demonstrate their programming skills, express their opinion about certain events, or for fun or mischief. Programs of this kind often display various messages, corrupt files and interfere with a compromised system’s normal operation. That's exactly what the new Android Trojan, which is disguised as popular applications, does.


Once Android.Elite.1.origin has been launched, it attempts to force the user into granting it access to the mobile device’s administrative features which are supposedly required to complete the application’s installation properly. If successful, the program immediately commences formatting the available SD card by wiping all the data stored on it. After that, the malware waits for popular messengers to be launched.


Whenever the user attempts to start an official Facebook client, WhatsApp Messenger, Hangouts or the standard SMS application, Android.Elite.1.origin will block their active window by displaying the message OBEY or Be HACKED. The malware blocks only these programs and doesn't interfere with the operation of other applications or the OS.


To further hamper the usage of mobile communication tools, the malware hides all notifications about new incoming SMS. At the same time, received messages are saved in the Inbox folder which is actually unavailable because access to the messenger is blocked.

In addition to wiping SD cards and blocking messengers, Android.Elite.1.origin sends short messages to all the contacts found in the device's address book in five-second intervals. The message text is as follows:

HEY!!! [contact_name] Elite has hacked you. Obey or be hacked.

A similar text is sent as a reply to all incoming SMS from valid mobile phone numbers:

Elite has hacked you.Obey or be hacked.

So the mobile account associated with the compromised device can be depleted in minutes or even seconds.
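Added example, not part of the original post or of Doctor Web's analysis: a small triage script that checks an exported SMS log for the two message texts quoted above and, independently of the text, for a rapid run of outbound messages to many different recipients. The log format, the function names and the thresholds (`min_recipients`, `max_gap_s`) are assumptions made for illustration, and the sample lines are constructed.

```python
import re
from datetime import datetime

# Text shared by both messages quoted in the post; \s* covers the reply
# variant, which has no space after the first full stop.
ELITE_TEXT = re.compile(r"Elite has hacked you\.\s*Obey or be hacked\.", re.I)

# Constructed sample log (hypothetical format: ISO time|direction|number|body).
SAMPLE = [
    "2024-01-01T10:00:00|OUT|+15550100|HEY!!! Alice Elite has hacked you. Obey or be hacked.",
    "2024-01-01T10:00:05|OUT|+15550101|HEY!!! Bob Elite has hacked you. Obey or be hacked.",
    "2024-01-01T10:00:10|OUT|+15550102|HEY!!! Carol Elite has hacked you. Obey or be hacked.",
    "2024-01-01T10:00:12|IN|+15550101|what?",
    "2024-01-01T10:00:13|OUT|+15550101|Elite has hacked you.Obey or be hacked.",
    "2024-01-01T11:30:00|OUT|+15550199|Running late, see you at 6",
]

def parse(line):
    """Split one log line into (timestamp, direction, number, body)."""
    ts, direction, peer, body = line.split("|", 3)
    return datetime.fromisoformat(ts), direction, peer, body

def detect(lines, min_recipients=3, max_gap_s=10):
    """Return (template_hits, burst_recipients) for outbound SMS."""
    out = sorted(e for e in map(parse, lines) if e[1] == "OUT")
    # Indicator check: outbound bodies containing the quoted text.
    hits = [e for e in out if ELITE_TEXT.search(e[3])]
    # Behavioural check: longest run of outbound messages whose consecutive
    # gaps stay under max_gap_s (the post describes five-second intervals).
    best, run = [], []
    for ev in out:
        if run and (ev[0] - run[-1][0]).total_seconds() > max_gap_s:
            run = []
        run.append(ev)
        if len({e[2] for e in run}) > len({e[2] for e in best}):
            best = list(run)
    recipients = sorted({e[2] for e in best})
    if len(recipients) < min_recipients:
        recipients = []
    return hits, recipients

if __name__ == "__main__":
    hits, burst = detect(SAMPLE)
    print(f"{len(hits)} outbound messages match the quoted text")
    print("burst recipients:", burst)
```

The behavioural check still fires if the message wording changes, which is why it is kept separate from the text match.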