INDIA: The SonicWall Capture Labs Threats Research team recently observed malware writers misusing the recent Coronavirus scare to propagate their malicious creations. An Android app that goes by the name Coronavirus has been spotted; it asks the victim to re-enter the PIN/pattern on the device and steals information, while repeatedly requesting Accessibility Service capabilities.
Traces present in the code point to additional capabilities that let the attacker control the device remotely, making this malware a RAT (Remote Access Trojan). The malware persistently tries to embed itself in the device through multiple means. Android’s battery optimization feature puts an app in a suspended state to conserve battery, but since this malware is a RAT it works best when it is constantly listening for incoming commands from the attacker. Upon installation, the malware asks the user to ignore battery optimization for this app, thereby preventing the app from going into a low-power/sleep state. Later, when the SonicWall team tried revoking this permission from the app, it pulled a basic trick: it presses the back button just before the permission can be revoked. The same trick is used when the user tries to uninstall the app.
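For defenders triaging a handset, the two privileges described above (a battery-optimization exemption and an enabled accessibility service) can be cross-checked from `adb` output. The following is an added example, not SonicWall's tooling: the package names and sample output are constructed, and the line formats of `dumpsys deviceidle whitelist` and `settings get secure enabled_accessibility_services` are assumed as shown in the comments.

```python
"""Flag apps that are both exempt from battery optimization and hold an
enabled accessibility service (the combination the article describes)."""

# Constructed sample of `adb shell dumpsys deviceidle whitelist` output.
# Assumed format: "<kind>,<package>,<uid>"; kind "user" marks an exemption
# the user granted through the "ignore battery optimization" prompt.
SAMPLE_WHITELIST = """\
system-excidle,com.android.providers.downloads,10013
system,com.google.android.gms,10018
user,com.example.fakecorona,10142
user,com.example.musicplayer,10150
"""

# Constructed sample of
# `adb shell settings get secure enabled_accessibility_services`
# (assumed format: colon-separated "<package>/<service class>" entries).
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.fakecorona/.AccService"
)


def user_exempt_packages(whitelist_text):
    """Packages the user exempted from battery optimization."""
    exempt = set()
    for line in whitelist_text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) == 3 and parts[0] == "user":
            exempt.add(parts[1])
    return exempt


def accessibility_packages(setting_value):
    """Packages that own an enabled accessibility service."""
    value = setting_value.strip()
    if value in ("", "null"):  # `settings get` prints "null" when unset
        return set()
    return {entry.split("/", 1)[0] for entry in value.split(":") if entry}


def suspicious_packages(whitelist_text, setting_value):
    """Packages holding both privileges, sorted for stable output."""
    both = user_exempt_packages(whitelist_text) & accessibility_packages(setting_value)
    return sorted(both)


if __name__ == "__main__":
    for pkg in suspicious_packages(SAMPLE_WHITELIST, SAMPLE_A11Y):
        print("review:", pkg)
```

A hit is only a lead for manual review, since legitimate apps can hold both privileges.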
In his observations, Debasish Mukherjee, VP, Regional Sales – APAC, SonicWall, said, “This is a classic case of the attackers being opportunists. They ride on the fear of the larger public and develop codes to steal sensitive information and control mobile devices remotely. It is advised that people use discretion before falling prey to such attacks.”
2014 The Global Indian New Network (TGINN)