3. Android banking Trojan can block antivirus programs from launching
Title: Android Trojan Prevents Security Apps From Launching
Author: November 22, 2016, by Ionut Arghire
//BEGIN
A newly discovered Android banking Trojan has been designed not only to be resilient to anti-malware applications, but also to counter them by preventing them from launching, Fortinet security researchers warn.
Detected as Android/Banker.GT!tr.spy, the new malware family was designed to steal banking information from the users of 15 different mobile banking apps for German banks. What’s more, the Trojan’s authors can control the list of targeted applications from the command and control (C&C) server, meaning that they could easily target more of them.
Banking Trojans on the Android platform are no longer content with passively evading antivirus detection; this one goes on the offensive and blocks legitimate anti-malware programs from running. Its targets are 15 mobile banking apps from different German banks, and from the Trojan's design the authors can freely change the list of targeted apps and so broaden its reach.
//END
The malware communicates with the C&C server via HTTPS. In addition to the stolen banking credentials, it sends information such as device IMEI, the ISO country code, Android build version, device model, and phone number. It also collects a list of installed applications and sends it to the server.
To remove the Trojan, users should first disable its administrator rights by heading to Settings -> Security -> Device administrators -> Device Admin -> Deactivate. Next, they can uninstall the malicious program with the help of ADB (Android Debug Bridge) by using the command ‘adb uninstall [packagename]’.
The banking Trojan communicates with its C2 server over HTTPS. Besides stealing banking credentials, it also harvests the user's mobile device information: the phone's IMEI, country code, Android version, device model, phone number and so on, and it collects a list of installed applications and sends it to the C2 server. To remove the Trojan, first suspend or revoke its administrator rights: Settings / Security / Device administrators / Device Admin / Deactivate. Only then can the installed malicious banking Trojan be uninstalled with an ADB command.
Comment: For Android antivirus, AVL Pro is recommended!
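The removal procedure above (revoke device-admin rights in Settings, then `adb uninstall [packagename]`) assumes the analyst already knows the malicious package name. The script below is an added triage example, not code from the SecurityWeek article, Fortinet, or this digest: it parses the output of `adb shell pm list packages -3` (one `package:<name>` line per third-party app, or `package:<apk path>=<name>` with `-f`), compares it against a known-good baseline, and emits the removal steps for anything unexpected. The device output, the baseline and the package name `com.example.unknown.update` are constructed samples, not indicators from the article.

```python
"""Triage helper for the removal steps in the digest entry above.

Given the text that `adb shell pm list packages -3` prints, find
third-party packages that are not in a known-good baseline and list
the removal steps: deactivate device admin in Settings first, then
`adb uninstall <packagename>`.  Example code added to this digest;
all sample data below is constructed.
"""
import re

# `pm list packages` prints "package:<name>"; with -f it prints
# "package:<apk path>=<name>".  The optional "<anything>=" prefix
# accepts both forms.
_PKG_LINE = re.compile(r"^package:(?:.*=)?([A-Za-z0-9_.]+)\s*$")


def parse_package_list(output: str) -> set[str]:
    """Return the set of package names found in `pm list packages` output."""
    pkgs = set()
    for line in output.splitlines():
        m = _PKG_LINE.match(line.strip())
        if m:
            pkgs.add(m.group(1))
    return pkgs


def unexpected_packages(device_output: str, baseline: set[str]) -> list[str]:
    """Packages present on the device but absent from the baseline, sorted."""
    return sorted(parse_package_list(device_output) - baseline)


def removal_plan(packages) -> list[str]:
    """Steps in the order the article gives them: admin rights first, then ADB."""
    steps = [
        "Settings -> Security -> Device administrators -> deactivate the app's entry",
    ]
    steps += [f"adb uninstall {pkg}" for pkg in packages]
    return steps


# Constructed sample of `adb shell pm list packages -3` output.  The last
# package name is hypothetical and stands in for an unknown app.
SAMPLE_DEVICE_OUTPUT = """\
package:com.android.chrome
package:com.example.bank.app
package:com.example.unknown.update
"""

# Constructed baseline: the third-party packages the analyst expects here.
BASELINE = {"com.android.chrome", "com.example.bank.app"}

if __name__ == "__main__":
    suspects = unexpected_packages(SAMPLE_DEVICE_OUTPUT, BASELINE)
    for pkg in suspects:
        print("unexpected package:", pkg)
    for step in removal_plan(suspects):
        print(step)
```

In practice the baseline would come from a clean device image or a prior inventory of the same device, and the `adb uninstall` step still fails until the device-administrator entry has been deactivated by hand, which is why the plan lists the Settings step first.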