
New Android Trojan Steals Data from Messaging Apps Like Facebook, Twitter And Telegram.
Cybersecurity firm Trustlook Labs found a Trojan that obfuscates its configuration file and part of its modules.
The purpose of the content/file obfuscation is to avoid detection so that it can steal data from messaging apps remotely. The malware has capabilities to modify the “/system/etc/install-recovery.
The malware collects information from the following apps:
- Tencent WeChat
- Voxer Walkie Talkie Messenger
- Telegram Messenger
- Gruveo Magic Call
- Line
- Coco
- BeeTalk
- TalkBox Voice Messenger
- Viber
- Momo
- Facebook Messenger
- Skype
The malware has a Chinese name and uses anti-emulator and debugger detection techniques to evade dynamic analysis. It also attempts to hide its strings to avoid being detected.
The malware also includes some modules in its Assets folder, and all the modules are encrypted.
(Screenshot by TrustLook)
Code obfuscation/hiding increases the malware author’s ability to avoid detection and poses a sophisticated challenge to anti-virus software.
Security?
If you are running any third-party apps, you should uninstall them soon. Always use an anti-malware security app on your mobile devices.