
Windows Trojan DualToy installs apps on iOS and Android devices without the user's knowledge

by sigismund » 2016-09-15 11:11:43


The malware obtains root privileges on your device and installs apps in the background.


Researchers from Palo Alto have uncovered details about the DualToy Trojan for computers running Windows. The malware is able to quietly load mobile apps onto any iOS or Android device connected to the system over a USB cable.

Attackers have been using DualToy since January 2015; in its original form, however, it could only infect Android devices. Six months after the first release came a second version with iOS support, but the number of infected devices has only recently begun growing rapidly. According to the researchers, there are currently about 8 thousand DualToy samples.

The malware is written in C++ and Delphi. Once it has infected a system, it first downloads and installs the Android Debug Bridge (ADB) and the iTunes drivers for Windows. The Trojan needs these applications to communicate with any device connected to the computer. By default, DualToy treats every smartphone or tablet connected to the computer as a device belonging to the owner of the infected PC and tries to use the data stored on the computer to authenticate to it.

Having gained access to a device, the Trojan connects to its C&C server, downloads the list of apps it is required to install, then downloads and installs them on the victim's mobile device. To avoid difficulties when installing applications on an Android smartphone, DualToy also downloads a special piece of code from the C&C server and runs it. This code gives the Trojan root access, so that it can install any software on the device in the background without the owner's involvement.

In the case of the iPhone and iPad, the Trojan downloads and runs code that collects information such as the IMEI, IMSI, ICCID, serial number and phone number. The purpose of this operation is still unknown. On infected iOS devices, DualToy also steals the user's Apple ID and password and sends them to its C&C server.
sigismund
moderators
Posts: 788
Deposit: 0 BTC

Rating: 5
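The post describes DualToy dropping ADB onto the infected PC and then driving it to push packages onto whatever phone is plugged in. A defender-side example added here (not code from the post or from Palo Alto's report): a small triage routine run over constructed Sysmon-style process-creation records that separates a developer's normal `adb install` from the pattern the post describes, where adb.exe runs from a staging directory, is launched by a parent in the same place, or uses `adb shell` with `su` to install packages. The field names, directory heuristics and sample paths are assumptions to be tuned per environment.

```python
from pathlib import PureWindowsPath

# Constructed process-creation records in the shape of Sysmon Event ID 1 fields
# (Image, ParentImage, CommandLine). Made-up samples, not telemetry from the
# DualToy campaign; every path and file name is a placeholder.
SAMPLE_EVENTS = [
    {"Image": r"C:\Android\Sdk\platform-tools\adb.exe",
     "ParentImage": r"C:\Program Files\Android\Android Studio\bin\studio64.exe",
     "CommandLine": "adb.exe devices"},
    {"Image": r"C:\Android\Sdk\platform-tools\adb.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'adb.exe install -r "C:\\dev\\app-debug.apk"'},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\adb.exe",
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\svc.exe",
     "CommandLine": "adb.exe install -r C:\\Users\\alice\\AppData\\Local\\Temp\\dl\\game.apk"},
    {"Image": r"C:\ProgramData\sys\adb.exe",
     "ParentImage": r"C:\ProgramData\sys\host.exe",
     "CommandLine": "adb.exe shell su -c 'pm install /sdcard/x.apk'"},
]

# adb verbs that change the state of the attached phone; "devices" or "logcat" are read-only.
SIDELOAD_VERBS = {"install", "push", "shell"}
# Where a legitimate SDK copy of adb.exe is expected to live (assumption; tune per fleet).
EXPECTED_DIRS = ("platform-tools", "program files")
# Parent locations a developer workflow would not normally launch adb from (assumption).
STAGING_DIRS = ("\\temp\\", "\\programdata\\", "\\downloads\\")


def triage(event):
    """Return the reasons an adb.exe launch looks like unattended sideloading ([] if none)."""
    image = event["Image"].lower()
    if PureWindowsPath(image).name != "adb.exe":
        return []
    cmd = event["CommandLine"].lower()
    parts = cmd.split()
    verb = parts[1] if len(parts) > 1 else ""
    if verb not in SIDELOAD_VERBS:
        return []
    reasons = []
    if not any(d in image for d in EXPECTED_DIRS):
        reasons.append("adb.exe running outside an SDK directory")
    if any(d in event["ParentImage"].lower() for d in STAGING_DIRS):
        reasons.append("parent process lives in a staging directory")
    if " su " in cmd or "pm install" in cmd:
        reasons.append("privileged package install through adb shell")
    return reasons


def scan(events):
    """Map every flagged event to its reasons; benign developer usage yields nothing."""
    return [(e["Image"], triage(e)) for e in events if triage(e)]
```

Of the four constructed records only the last two are flagged; the developer's `adb install` from the SDK directory passes, which is the distinction the heuristics are meant to draw.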