Symantec warns of Android Trojans



#1 TheSentinel


Posted 04 February 2012 - 05:21 PM

QUOTE
Symantec warns of Android Trojans that mutate with every download
A new Android Trojan employs server-side polymorphism to generate unique variants
By Lucian Constantin
February 3, 2012 06:52 AM ET

IDG News Service - Researchers from security vendor Symantec have identified a new premium-rate SMS Android Trojan horse that modifies its code every time it gets downloaded in order to bypass antivirus detection.

This technique is known as server-side polymorphism and has already existed in the world of desktop malware for many years, but mobile malware creators have only now begun to adopt it.

A special mechanism that runs on the distribution server modifies certain parts of the Trojan in order to ensure that every malicious app that gets downloaded is unique. This is different from local polymorphism where the malware modifies its own code every time it gets executed.

Symantec has identified multiple variants of this Trojan horse, which it detects as Android.Opfake, and all of them are distributed from Russian websites. However, the malware contains instructions to automatically send SMS messages to premium-rate numbers from a large number of European and former Soviet Union countries.

In some cases, especially when security products rely heavily on static signatures, detecting malware threats that make use of server-side polymorphism can be difficult.

More details about that at:
http://www.computerw..._every_download
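
An added example, not part of the quoted article or of Symantec's analysis: a sketch of why an exact file hash stops matching when every download is unique, while a comparison of per-entry content hashes still links the variants. It assumes, for illustration only, that each download differs by one filler entry and by entry order; the sample contents, entry names and the 0.5 threshold are constructed.

```python
import hashlib
import io
import zipfile

def build_archive(entries):
    """Pack (name, bytes) pairs into an in-memory ZIP (APK files are ZIP archives)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries:
            # Fixed timestamp so the bytes depend only on the entries.
            zf.writestr(zipfile.ZipInfo(name, date_time=(2012, 2, 3, 0, 0, 0)), data)
    return buf.getvalue()

def file_hash(blob):
    """Static signature of the whole file: changes if any byte changes."""
    return hashlib.sha256(blob).hexdigest()

def entry_hashes(blob):
    """Set of per-entry content hashes; ignores entry order and names."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return {hashlib.sha256(zf.read(n)).hexdigest() for n in zf.namelist()}

def similarity(a, b):
    """Jaccard overlap between two archives' entry-hash sets (0.0 to 1.0)."""
    ha, hb = entry_hashes(a), entry_hashes(b)
    return len(ha & hb) / len(ha | hb)

# Constructed, inert sample content standing in for an app's files.
CORE = [("classes.dex", b"constructed-code-body"),
        ("AndroidManifest.xml", b"constructed-manifest"),
        ("res/layout.xml", b"constructed-layout")]
# Assumption: each download differs by one filler entry and by entry order.
download_1 = build_archive(CORE + [("assets/a.dat", b"filler-0001")])
download_2 = build_archive([("assets/b.dat", b"filler-0002")] + CORE[::-1])
unrelated = build_archive([("classes.dex", b"other-app-code"),
                           ("AndroidManifest.xml", b"other-manifest")])

def detect(sample, known=download_1, threshold=0.5):
    """Return (exact_hash_match, structural_match) against one known sample."""
    return (file_hash(sample) == file_hash(known),
            similarity(sample, known) >= threshold)

if __name__ == "__main__":
    for label, s in [("download_2", download_2), ("unrelated", unrelated)]:
        print(label, detect(s))
```

The second download misses the exact-hash check but still scores 0.6 against the known sample, while the unrelated archive scores 0.0 on both checks.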