{"id":83551,"date":"2016-10-26T17:41:11","date_gmt":"2016-10-26T12:11:11","guid":{"rendered":"https:\/\/blogs.quickheal.com\/?p=83551"},"modified":"2016-10-26T20:03:13","modified_gmt":"2016-10-26T14:33:13","slug":"security-alert-android-backdoor-device","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/security-alert-android-backdoor-device\/","title":{"rendered":"Security Alert! Android Backdoor is after your device"},"content":{"rendered":"

Quick Heal Labs has detected a new threat that is out on the hunt for Android users. We came across an open-source script that adds a backdoor (a secret method hackers use to gain unauthorized access to a device<\/em>) to any APK (Android application package).<\/p>\n

The home page of the backdoor-apk looks like this (fig 1).<\/p>\n

 <\/p>\n

\"android-backdoor-1\"<\/p>\n

Fig 1<\/p>\n

Although the author has mentioned that this script is intended for educational purposes only, cybercriminals are using it to fuel their evil plans. And our analysis confirms so.<\/p>\n

To read the technical analysis on this malware, download the PDF given below.<\/p>\n

\"PDF<\/a><\/p>\n

Important:
\n<\/strong>No other antivirus software has been able to detect this backdoor. Below is the result from virustotal:<\/p>\n

\"vt\"<\/p>\n

What does the backdoor do?<\/strong><\/p>\n

The package with 5 classes is just a wrapper which downloads the payload from Metasploit framework<\/a>. Metasploit is a framework designed for penetration testing but in this case, is being used for a malicious intent. When the payload is received by the backdoor, it gives complete access to the victim’s device to the attacker including:<\/p>\n