Sunday, June 9, 2013

The Most Sophisticated Android Trojan

Kaspersky Lab has discovered a multi-functional Android trojan (named Backdoor.AndroidOS.Obad.a). Not only does it use encryption to protect the trojan's code; on its first launch after infecting a device, it collects the following data and sends it to its Command and Control (C&C) servers.

Exfiltrated data:
1. MAC address of the Bluetooth device
2. Name of operator
3. Telephone number
4. IMEI
5. Phone user's account balance
6. Whether or not Device Administrator privileges have been obtained
7. Local time



The trojan then receives commands downloaded from the Command and Control (C&C) servers and spreads itself to other devices over Bluetooth.



List of commands and propagation order:

1. Send text message. Parameters contain number and text. Replies are deleted.
2. PING.
3. Receive account balance via USSD.
4. Act as proxy (send specified data to specified address, and communicate the response).
5. Connect to specified address (clicker).
6. Download a file from the server and install it.
7. Send a list of applications installed on the smartphone to the server.
8. Send information about an installed application specified by the C&C server.
9. Send the user's contact data to the server.
10. Remote Shell. Executes commands in the console, as specified by the cybercriminal.
11. Send a file to all detected Bluetooth devices.

Original source: SECURELIST
Reposted from 《網路攻防戰》
