Tuesday, February 23, 2016

Are Antivirus Security apps' Firewalls strong enough?

Like their desktop counterparts, many mobile antivirus apps now also offer strong firewalls for mobile devices. But how strong can your mobile antivirus's firewall be, and can it withstand an attack by Android.Spywaller?


Android.Spywaller is malware known to block a specific mobile security/antivirus app, namely Qihoo360's, and then steal user information.


What does Android.Spywaller do to my Firewall?
Android.Spywaller uses an embedded firewall binary, DroidWall (a customized version of iptables for Android), to create firewall rules that block a specific security application (Qihoo360) by referencing its UID.


How does Android.Spywaller work?
Android.Spywaller disguises itself as a 'Google Service' app. Once installed, the malware hides its app icon to avoid detection by the user. It then scans the infected device to check whether the Qihoo360 antivirus app is installed.

If the malware finds the Qihoo360 antivirus app installed, it obtains the app's unique identifier (UID) and then runs a firewall binary to block Qihoo360.

After blocking the infected device's antivirus, the malware collects the user's sensitive information and sends it to the attacker's remote server.

The malware attempts to gather system-based personally identifying information (PII) from the user, including call logs, SMS messages, GPS readings, system browser data, emails, radio, images, and contacts. It also collects data from certain third-party communication apps such as BlackBerry Messenger, ooVoo, Coco, QQ, SinaWeibo, Skype, Talkbox, TencentWeibo, Voxer, WeChat, WhatsApp, and Zello.
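
The UID-based blocking described above leaves a trace in the device's iptables rule set, so it can be checked for during triage. The following Python sketch is an added example, not code from the referenced article or from any security vendor: it cross-references `iptables -S` output with Android's `packages.list` and reports owner-match rules that drop or reject traffic for a watched security app. The package names, UIDs and `fw-*` chain names are constructed placeholders.

```python
import shlex

BLOCK_TARGETS = {"DROP", "REJECT"}
# Constructed samples. packages.list fields: <package> <uid> <debuggable> <dir> <seinfo> <gids>
SAMPLE_PACKAGES = """\
com.example.antivirus 10087 0 /data/data/com.example.antivirus default 3003
com.example.notes 10091 0 /data/data/com.example.notes default none
"""
# `iptables -S` style output; the fw-* chain names are hypothetical.
SAMPLE_RULES = """\
-A OUTPUT -j fw-apps
-A fw-apps -m owner --uid-owner 10087 -j fw-reject
-A fw-apps -m owner ! --uid-owner 10091 -j RETURN
-A fw-reject -j REJECT --reject-with icmp-port-unreachable
"""

def parse_packages_list(text):
    """Map UID -> [package names] (apps can share a UID)."""
    uids = {}
    for parts in (line.split() for line in text.splitlines()):
        if len(parts) >= 2 and parts[1].isdigit():
            uids.setdefault(int(parts[1]), []).append(parts[0])
    return uids

def owner_uid(tok):
    """UID of a non-negated numeric '--uid-owner N' match, else None."""
    if "--uid-owner" in tok[:-1]:
        i = tok.index("--uid-owner")
        if tok[i - 1] != "!" and tok[i + 1].isdigit():
            return int(tok[i + 1])
    return None

def find_uid_blocks(rules_text, packages_text, watched):
    """Return (package, uid, chain, target) for rules that block a watched app."""
    rules = [shlex.split(l) for l in rules_text.splitlines() if l.startswith("-A ")]
    blocking, changed = set(BLOCK_TARGETS), True
    while changed:  # heuristic: a chain that unconditionally jumps to a block is a block
        changed = False
        for r in rules:
            if len(r) >= 4 and r[2] == "-j" and r[3] in blocking and r[1] not in blocking:
                blocking.add(r[1])
                changed = True
    pkgs, hits = parse_packages_list(packages_text), []
    for r in rules:
        uid = owner_uid(r)
        target = r[r.index("-j") + 1] if "-j" in r[:-1] else None
        if uid is not None and target in blocking:
            hits += [(p, uid, r[1], target) for p in pkgs.get(uid, []) if p in watched]
    return hits
```

A hit means some process with the privileges to edit iptables has cut the watched app off from the network; on a device where the user never installed a firewall app, that warrants a closer look at which package owns the rules.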


Article Ref: http://www.symantec.com/connect/blogs/spyware-androidspywaller-uses-legitimate-firewall-thwart-security-software