In February this year, the specialists of Doctor Web found a set of malicious applications for the Android operating system. Doctor Web called those Trojan - Android.Loki.1.origin, Android.Loki.2.origin and Android.Loki.3 respectively.
The first uses for downloading library that mobile Dr.Web determines how Android.Loki.6. In turn, the library is introduced into the system processes through the Trojan Android.Loki.3, then Android.Loki.1.origin receives the right to operate the system with the user system. This last is a service that can, for example, download from Google Play for any application using the special link forwarded to the account of a partner program. As a result, an attacker can get a steady income, and simultaneously remove any application on your smartphone , as well as demonstrate various notifications.
The second - Android.Loki.2.origin - is able to be installed on a mobile device, any application by a command from the management server and show the user ads. This Trojan can spy, sending its owner IMEI, IMSI, and mac-address of the infected smartphone, as well as complete information on hardware and MCC / MNC-IDs. After sending the data to the management server, in response to receiving Android.Loki.2.origin configuration file needed for further work.
Android.Loki.3, introduces liblokih.so library in the system service process and allows system_server execute commands with root-rights. The last act as other Trojan family Android.Loki. Thus Trojan attackers transmit path to the script that want to perform, and Android.Loki.3 runs this script. This leads to a natural question - how to deal with it all? "Doctor Web" offers only one way - to flash your smartphone using the original OS image. Related Products :
|