New iDroid mobile trojan said to impact iOS and Android devices

A new mobile trojan could possibly attack devices running either iOS or Android.

A new piece of mobile malware being offered up on Russian underground forums might be capable of attacking devices running either iOS or Android operating systems.

Researchers with Israel-based cyber intelligence company SenseCy recently discovered the trojan – named, perhaps appropriately, iDroid – being sold for about $800, according to a Monday post, which explains buyers must leave contact details with the seller in order to obtain the malware.

While noteworthy for impacting Android versions 2.2 and up, and iOS versions 7.1 and below, iDroid has many other capabilities, including keylogging, credit card and email grabbing, SMS sending and interception, conversation and screenshot recording, and stealing data from mobile wallets, such as QIWI.

Responders on the forums have been fairly skeptical of the malware, particularly because of how tough it is to infect iOS, but perhaps more because of how challenging it is to code a trojan that can impact two entirely different operating systems.

But it may not be impossible.

“There has been cross-platform malware in the past; however, it was usually a name for several components that were specific to the operating system and were loosely combined, or was using languages [such as] Java,” Assaf Keren, CTO of SenseCy, told on Monday.

Keren said that he cannot comment on whether iDroid actually does any of what it claims because technical analysis of the trojan has yet to be concluded, but after seeing a video that details much of the malware's offerings, he said it is likely that iDroid does at least some of what it asserts.

“The seller is very reputable in the underground – that makes it less likely to be a scam,” Keren said. “In these areas, if you're caught scamming and lying, you'll probably be kicked out and your revenue stream will stop.”

Version 0.8 of iDroid, said to be in the works, would add a utility for writing Zeus-like injections into banking and payment system applications, as well as enable automatic injections into 56 banking applications and automatic delivery of the trojan via Bluetooth, according to the post.

[An earlier version of this story reversed the iOS and Android versions that were impacted].