Security alert: new TGLoader Android malware utilizes the exploid root exploit
Security alert: new TGLoader Android malware utilizes the exploid root exploit | |
---|---|
Botnet | |
Malware | TGLoader |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / 22 March 2012 |
Editor/Conference | NC State University |
Link | http://www.csc.ncsu.edu/faculty/jiang/TGLoader/ (Archive copy) |
Author | Xuxian Jiang |
Type | Blogpost |
Abstract
“My research team, in collaboration with NQ Mobile, has identified a new malware called TGLoader that piggybacks on several apps in alternative markets. This malware embedded the exploid root exploit to gain the root privilege. After that, it further installed several payloads (including both native binary programs and Android apps) unbeknownst to users. The malware also listens to remote C&C servers for further instructions. Specifically, one particular "phone-home" function supported in TGLoader is to retrieve a destination number and related message body from the C&C servers. Once received, it composes the message and sends it out in the background. This is a typical strategy that has been widely used in recent Android malware to send out SMS messages to premium-rate numbers.”
Bibtex
@misc{2012BFR952, editor = {NC State University}, author = {Xuxian Jiang}, title = {Security alert: new TGLoader Android malware utilizes the exploid root exploit}, date = {23}, month = Mar, year = {2012}, howpublished = {\url{http://www.csc.ncsu.edu/faculty/jiang/TGLoader/}}, }