
Android.Sprovider.7 Trojan Found in Lenovo A319 and Lenovo A6000

Bad news for Android users – Doctor Web has uncovered two types of downloader Trojans implemented in the firmware of Android devices. The Trojans communicate with a command & control server to receive instructions about the apps to silently download and run. These apps would start each time the device is turned on or rebooted.

Related: CVE-2016-5195, Plenty of Flaws Fixed in Android's December Bulletin


Android.Sprovider.7 Trojan and Android.DownLoader.473.origin Plague Multiple Android Devices

One of the Trojans, Android.Sprovider.7, has been found on Lenovo A319 and Lenovo A6000 smartphones. It can also open specific links in a browser, make phone calls to specified numbers via the system application, and display ads on top of apps and in the status bar, researchers say.

Android.DownLoader.473.origin, on the other hand, is found on the following tablets and smartphones:

MegaFon Login 4 LTE, Irbis TZ85, Irbis TX97, Irbis TZ43, Irbis tz70, Irbis tz56, Bravis NB85, Bravis NB105, SUPRA M72KG, SUPRA M729G, SUPRA V2N10, Pixus Touch 7.85 3G, Itell K3300, General Satellite GS700, Digma Plane 9.7 3G, Nomi C07000, Prestigio, MultiPad Wize 3021 3G, Prestigio MultiPad PMT5001 3G, Optima 10.1 3G, TT1040MG, Marshal ME-711, 7 MID, Explay Imperium 8m, Perfeo 9032_3G, Ritmix RMD-1121, Oysters T72HM 3G, and Jeka JK103.

Researchers point out that the list may not be complete, meaning that other devices may be affected as well.


Both of the Trojans are also downloaders, activated every time the device is turned on. Android.DownLoader.473.origin in particular is set to monitor the Wi-Fi module and connect to the command & control server to get the configuration file with further instructions, researchers explain.

The file also has information about the specific app the Trojan serves to download and install.

The Trojan can download not only benign applications but also malware and unwanted ones. For example, Android.DownLoader.473.origin actively distributes the advertising program H5GameCenter that is detected by Dr.Web as Adware.AdBox.1.origin. Once installed, it displays a small box image on top of running applications.

This image can’t be removed from the device’s screen. If it’s clicked, a catalog will open which is implemented in Adware.AdBox.1.origin, an adware program that will bring along unwanted and intrusive ads.
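The behaviours described above (start at boot, silent download and install, ads drawn over other apps, phone calls) each depend on an Android permission, which gives a way to shortlist preinstalled apps for review. The following is an added example, not code from Doctor Web or from this article; the permission mapping, the function name `triage`, and the package names in the sample inventory are assumptions constructed for illustration.

```python
# Behaviours the article attributes to the firmware Trojans, mapped to the
# Android permissions an app needs for them (the mapping is this example's assumption).
BEHAVIOUR_PERMS = {
    "starts at boot": "android.permission.RECEIVE_BOOT_COMPLETED",
    "silent install": "android.permission.INSTALL_PACKAGES",
    "network access": "android.permission.INTERNET",
    "watches Wi-Fi state": "android.permission.ACCESS_WIFI_STATE",
    "draws over apps": "android.permission.SYSTEM_ALERT_WINDOW",
    "places calls": "android.permission.CALL_PHONE",
}
# Minimum combination for a boot-persistent silent downloader.
CORE = {"starts at boot", "silent install", "network access"}
# Firmware (system image) locations; user-installed apps live under /data/app/.
SYSTEM_PREFIXES = ("/system/app/", "/system/priv-app/")


def triage(packages):
    """Return [(name, matched behaviours)] for firmware apps that match CORE."""
    findings = []
    for pkg in packages:
        if not pkg["path"].startswith(SYSTEM_PREFIXES):
            continue  # not part of the firmware image, so out of scope here
        perms = set(pkg["permissions"])
        matched = {b for b, p in BEHAVIOUR_PERMS.items() if p in perms}
        if CORE <= matched:
            findings.append((pkg["name"], sorted(matched)))
    # Most behaviours matched first; legitimate installers also appear, so this
    # is a shortlist for manual review, not a verdict.
    return sorted(findings, key=lambda f: -len(f[1]))


def perms(*names):
    return ["android.permission." + n for n in names]


# Constructed inventory (hypothetical package names and paths).
SAMPLE = [
    {"name": "com.example.fwhelper", "path": "/system/priv-app/FwHelper/FwHelper.apk",
     "permissions": perms("RECEIVE_BOOT_COMPLETED", "INSTALL_PACKAGES", "INTERNET",
                          "ACCESS_WIFI_STATE", "SYSTEM_ALERT_WINDOW")},
    {"name": "com.example.dialer", "path": "/system/app/Dialer.apk",
     "permissions": perms("CALL_PHONE", "INTERNET")},
    {"name": "com.example.store", "path": "/system/priv-app/Store/Store.apk",
     "permissions": perms("RECEIVE_BOOT_COMPLETED", "INSTALL_PACKAGES", "INTERNET")},
    {"name": "com.example.game", "path": "/data/app/com.example.game-1/base.apk",
     "permissions": perms("RECEIVE_BOOT_COMPLETED", "INSTALL_PACKAGES", "INTERNET")},
]

if __name__ == "__main__":
    for name, behaviours in triage(SAMPLE):
        print(name, "->", ", ".join(behaviours))
```
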


As to why these Trojans were found in Android firmware, researchers give the following explanation:

It is known that cybercriminals generate their income by increasing application download statistics and by distributing advertising software. Therefore, Android.DownLoader.473.origin and Android.Sprovider.7 were incorporated into Android firmware because dishonest outsourcers who took part in creation of Android system images decided to make money on users.

The worst thing is that these pieces can easily bring more malware onto users. Fortunately, the manufacturers have been notified. Users who own any of the devices mentioned in the article are urged to contact available tech support to get updated and to clean the system software.

Milena Dimitrova
