Researchers from Kaspersky have spotted Tor-based Android malware in the wild. Hackers have started creating Android-based Trojans on a mass scale. A technique previously seen in Windows Trojans has now been implemented on Android and has been spreading lately: the Android-based Trojan uses a domain in the .onion pseudo-zone as its C&C.
The Trojan uses the anonymous network Tor, built on a network of proxy servers. In addition to providing user anonymity, Tor allows hosting, in the .onion domain zone, "anonymous" sites that are accessible only through Tor.
Backdoor.AndroidOS.Torec.a is a variation of the popular Tor client Orbot. Once the attacker has succeeded in adding the code to the application, the Trojan does not impersonate Orbot; it simply uses the functionality of the client.
Once the Trojan has infected the target, it can potentially perform the following actions without the user's knowledge:
- start / stop intercepting incoming SMS
- start / stop the theft of incoming SMS
- make a USSD request
- send data about the phone to the C&C (the phone number, country, IMEI, model, OS version)
- send the C&C a list of the applications installed on the mobile device
- send SMS to the number specified in the command
More details are available at http://www.securelist.com/ru/blog/207769023/Pervyy_TOR_troyanets_pod_Android