Quick Heal Security Labs

Security Alert! Android Backdoor is after your device

October 26, 2016

Quick Heal Labs has detected a new threat that is out on the hunt for Android users. We came across an open-source script that adds a backdoor (a secret method hackers use to gain unauthorized access to a device) to any APK (Android application package).

The home page of the backdoor-apk looks like this (fig 1).

Fig 1: home page of the backdoor-apk script

Although the author states that the script is intended for educational purposes only, cybercriminals are using it for their own ends, and our analysis confirms this.

To read the technical analysis on this malware, download the PDF given below.


Important:
No other antivirus software has been able to detect this backdoor. Below is the result from VirusTotal:

VirusTotal scan result (screenshot)

What does the backdoor do?

The package, which contains only 5 classes, is just a wrapper that downloads its payload from the Metasploit framework. Metasploit is designed for penetration testing, but here it is being put to malicious use. Once the backdoor receives the payload, it gives the attacker complete access to the victim’s device, including:

  • Starting any app
  • Shutting down device
  • Retrieving call logs, contacts, SMS, location, etc.
  • Sending SMSs
  • Recording audio from microphone
  • Taking pictures from device’s camera
  • Getting live video stream from device’s camera
  • Accessing all the files stored on the device
  • Changing wallpaper
  • Accessing shell
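As an added, defender-side example (not part of Quick Heal’s analysis or of the backdoor-apk script), the capabilities listed above can be mapped back to the Android permissions an app must declare in order to use them, which gives a quick manifest triage check for apps that request the whole set together with network access. It assumes an AndroidManifest.xml already decoded to plain XML; the package name and sample manifests below are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Each capability the post lists, mapped to the manifest permission(s) that gate
# it. Starting apps, shutting down and shell access need no permission, so the
# manifest cannot reveal them; they must be found in code or at runtime.
CAPABILITY_PERMISSIONS = {
    "call logs": {"android.permission.READ_CALL_LOG"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "read SMS": {"android.permission.READ_SMS"},
    "send SMS": {"android.permission.SEND_SMS"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "microphone": {"android.permission.RECORD_AUDIO"},
    "camera": {"android.permission.CAMERA"},
    "files": {"android.permission.READ_EXTERNAL_STORAGE"},
    "wallpaper": {"android.permission.SET_WALLPAPER"},
}

def declared_permissions(manifest_xml):
    """Names of every <uses-permission> in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name", "") for el in root.iter("uses-permission")}

def matched_capabilities(manifest_xml):
    """Capabilities from the list above whose gating permission is requested."""
    perms = declared_permissions(manifest_xml)
    return [cap for cap, need in CAPABILITY_PERMISSIONS.items() if perms & need]

def triage(manifest_xml, threshold=6):
    """Heuristic, not a verdict: flags network access plus most of the list.
    A legitimate messaging app can hold many of these, so a hit means
    'look closer' (who signed it, where it came from), not 'block'."""
    perms = declared_permissions(manifest_xml)
    caps = matched_capabilities(manifest_xml)
    return {"capabilities": caps,
            "suspicious": "android.permission.INTERNET" in perms
                          and len(caps) >= threshold}

def make_manifest(*permissions):
    """Build a minimal manifest (constructed sample; hypothetical package name)."""
    uses = "".join('<uses-permission android:name="%s"/>' % p for p in permissions)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android"'
            ' package="com.example.sample">%s</manifest>' % uses)

# A wrapper requesting everything the post lists, beside a single-purpose app.
SUSPECT = make_manifest("android.permission.INTERNET",
                        *sorted(p for s in CAPABILITY_PERMISSIONS.values() for p in s))
FLASHLIGHT = make_manifest("android.permission.CAMERA")
```

Running `triage(SUSPECT)` flags the wrapper while `triage(FLASHLIGHT)` does not; the threshold is deliberately a parameter so it can be tuned against a known-good app corpus.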

This is not the only script attackers are using for malicious ends; there are many more, some open source and some closed source. Because scripts like these are so easily available, the number of such threats is increasing and is expected to keep doing so. Android users are advised to install the Quick Heal Mobile Security app, which proactively detects and blocks this threat as ‘Android.MetaBack.A’.


ACKNOWLEDGMENT

Subject Matter Expert
– Gaurav Shinde (Threat Research and Response Team)


5 Comments


  1. Anirban Dutta, October 27, 2016 at 9:15 AM

    I am using Fonetastic Pro. Can it protect me from this type of backdoor attack? Please reply. Thanks.
  2. Subham Kumar, November 2, 2016 at 9:43 PM

    Hi Gaurav Sir, I am using the Samsung Knox antivirus app on my J7. Will it protect me from the backdoor threat? Please reply.
  3. rohan mandal, November 3, 2016 at 10:42 AM

    My Samsung Galaxy S Duos 3 reset my password.