This is the first Android malware discovered to abuse the TOR network in order to conceal its connection to its C&C server. Users affected by this malware may find the security of their mobile devices compromised.
To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.
This malware leverages the TOR network to connect with a remote server. It may be installed manually by a user.
This malware leverages the TOR network to connect with a remote server.
After installation, it shows the following common Android icon:
It runs at every system boot up. When first executed, it requests an administrator level permission and hide its icon from launcher.
It listens to SMS command from a remote C&C server. Based on the command, this malware may perform the following routines:
All the responses of these commands are sent out via TOR network to the remote server.
Trend Micro Mobile Security Solution
Trend Micro Mobile Security Personal Edition protects Android and iOS smartphones and tablets from malicious and Trojanized applications. It blocks access to malicious websites, increase device performance, and protects your mobile data. You may download the Trend Micro Mobile Security apps from the following sites:
Remove unwanted apps on your Android mobile device