This is the first Android malware discovered to abuse the TOR network in order to conceal its connection to its C&C server. Users affected by this malware may find the security of their mobile devices compromised.
To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.
This malware leverages the TOR network to connect with a remote server. It may be installed manually by a user.
This malware leverages the TOR network to connect with a remote server.
After installation, it shows the following common Android icon:
It runs at every system boot up. When first executed, it requests an administrator level permission and hide its icon from launcher.
It listens to SMS command from a remote C&C server. Based on the command, this malware may perform the following routines:
All the responses of these commands are sent out via TOR network to the remote server.
Trend Micro Mobile Security Solution
Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.
Remove unwanted apps on your Android mobile device