New TGLoader Android malware found in alternative markets

Posted: March 27, 2012 10:21 am
By: Information Security

The TGLoader malware appeared in some alternative Android app markets recently, and researchers at North Carolina State University discovered and analyzed it, finding it has a wide range of capabilities.

The malware uses the “exploid” root exploit to get root privileges on compromised phones, and from there it starts installing a variety of apps and Android code that are designed to perform myriad malicious actions. “After that, it further installed several payloads (including both native binary programs and Android apps) unbeknownst to users.

“The malware also listens to remote C&C servers for further instructions. Specifically, one particular “phone-home” function supported in TGLoader is to retrieve a destination number and related message body from the C&C servers. Once received, it composes the message and sends it out in the background.

“This is a typical strategy that has been widely used in recent Android malware to send out SMS messages to premium-rate numbers,” an assistant professor at North Carolina State wrote in an analysis of the new malware.

From ThreatPost by Dennis Fisher

Source: http://threatpost.com/en_us/blogs/new-tgloader-android-malware-found-alternative-markets-032612