14 DAY TRIAL // A Trojan that belongs to the old days of malware, when proving programming skills was the purpose, not making money, has been identified to affect Android devices by deleting data on storage cards and blocking access to certain apps.
Security researchers did not find any piece of code indicating financial benefits for the operators behind the malware and, because of this, subscribed it to the category of “vandal programs.”
The malicious file masquerades as Angry Birds Transformers, the latest game series from Rovio Entertainment, scheduled to be released for Android at the end of this month. iOS edition is supposed to come out earlier, on October 15.
Apart from being highly annoying, malware also destroys stored files
Since the malware is distributed as the unreleased Android version of an Angry Birds edition, it is safe to assume that it can make a lot of victims.
Researchers at Russian antivirus vendor Doctor Web have analyzed the behavior of the malware, which is now identified by their product as Android.Elite.1.origin, and discovered that it not only disrupts certain communication on the device, but it also deletes data available on the SD card.
The Elite Android Trojan requires administrative rights, informing the victim that these are necessary for the completion of the installation. The moment higher privileges are achieved, it automatically starts the wiping process of the storage unit.
Apart from this, the malware also prevents communication via text messages using the SMS service, the Facebook client, WhatsApp and Google Hangouts, according to the analysis from the Russian company.
Access to any of these is blocked and a screen showing the message “Obey Or Be Hacked” is displayed instead.
Furthermore, notifications about any incoming short text messages is hidden, and since access to the SMS app is restricted, the victim cannot view the information.
Fortunately, other activity on the device is not hindered in any way, which means that calls can still be made. “The malware blocks only these programs and doesn't interfere with the operation of other applications or the OS,” says Doctor Web.
Elite Trojan spams contact list
Although it lacks money-making capabilities, the threat can deal some financial damage to the affected user because it has the ability to send messages.
The behavior observed by the researchers includes sending texts to everyone in the contact list, but not to further propagate itself, but to promote the operators behind it.
The text reads, "HEY!!! [contact_name] Elite has hacked you. Obey or be hacked."
What is worse, the malware does this every five seconds, and issues a similar auto-reply to all incoming messages. This means that the next phone bill of the affected user could turn out be larger than usual.
As is usually the case, Elite Trojan is downloaded from third-party Android app stores, which are not properly verified against dangerous software.
A good personal security policy is to resist the temptation of downloading apps from insecure spots and to pay extreme attention to the software that is given administrative privileges on the smartphone.
