Security Alert! Android Backdoor is after your device


Quick Heal Labs has detected a new threat that is out on the hunt for Android users. We came across an open-source script that adds a backdoor (a secret method hackers use to gain unauthorized access to a device) to any APK (Android application package).

The home page of the backdoor-apk script looks like this (Fig 1).

Fig 1: home page of the backdoor-apk script

Although the author states that this script is intended for educational purposes only, cybercriminals are using it to fuel their evil plans, and our analysis confirms this.

To read the technical analysis of this malware, download the PDF given below.

Important:
No other antivirus software has been able to detect this backdoor. Below is the result from VirusTotal:

VirusTotal scan result (screenshot)

What does the backdoor do?

The package, which contains just 5 classes, is a wrapper that downloads its payload from the Metasploit framework. Metasploit is a framework designed for penetration testing, but in this case it is being used with malicious intent. Once the backdoor receives the payload, it gives the attacker complete access to the victim’s device, including:

  • Starting any app
  • Shutting down the device
  • Retrieving call logs, contacts, SMS, location, etc.
  • Sending SMS messages
  • Recording audio from the microphone
  • Taking pictures with the device’s camera
  • Getting a live video stream from the device’s camera
  • Accessing all the files stored on the device
  • Changing the wallpaper
  • Accessing a shell

This is not the only script attackers are using for their malicious ends. There are many more, some open-source and some closed-source. Because scripts like these are easily available, the number of threats is increasing and is expected to keep doing so in the future. Android users are advised to install the Quick Heal Mobile Security App, which proactively detects and blocks this threat as ‘Android.MetaBack.A’.

ACKNOWLEDGMENT

Subject Matter Expert
– Gaurav Shinde (Threat Research and Response Team)

Quick Heal Security Labs


5 Comments


  1. Anirban Dutta (October 27, 2016 at 9:15 AM)

    I am using Fonetastic Pro. Can it protect me from this type of backdoor attack? Please reply. Thanks.
  2. Subham Kumar (November 2, 2016 at 9:43 PM)

    Hi Gaurav Sir, I am using the Samsung Knox antivirus app on my J7. Will it protect me from the backdoor threat? Please reply.
  3. rohan mandal (November 3, 2016 at 10:42 AM)

    My Samsung Galaxy S Duos 3 reset my password.