DroidLive New SMS Android Trojan

From Botnets.fr

Malware: DroidLive
Date: 2011 / 11 November 2011
Editor/Conference: CS State University
Link: http://www.csc.ncsu.edu/faculty/jiang/DroidLive/ (Archive copy)
Author: Xuxian Jiang

Abstract

My research group, in collaboration with NQ Mobile, recently uncovered another SMS Trojan named DroidLive in third-party Android markets. The malware attempts to disguise itself as a Google library, but actually receives commands from a remote Command and Control (C&C) server, which allow it to engage in sending text messages to premium numbers, making phone calls, collecting personal information, and other nefarious activities. Also, one unusual behavior of this malware is its attempt to install itself as a device administration app. Though this requires user consent, if such consent is given, DroidLive can obtain privileges closer to those granted only to the device's firmware. To the best of our knowledge, this is the first malware that takes advantage of the device administration API.

Bibtex

 @misc{2011BFR844,
   editor = {CS State University},
   author = {Xuxian Jiang},
   title = {DroidLive New SMS Android Trojan},
   date = {2011-11-11},
   month = nov,
   year = {2011},
   howpublished = {\url{http://www.csc.ncsu.edu/faculty/jiang/DroidLive/}},
 }