New iDroid mobile trojan said to impact iOS and Android devices

A new mobile trojan could possibly attack devices running either iOS or Android.

A new piece of mobile malware being offered up on Russian underground forums might be capable of attacking devices running either iOS or Android operating systems.

Researchers with Israel-based cyber intelligence company SenseCy recently discovered the trojan – named, perhaps appropriately, iDroid – being sold for about $800, according to a Monday post, which explains buyers must leave contact details with the seller in order to obtain the malware.

While noteworthy for impacting Android versions 2.2 and up, and iOS versions 7.1 and below, iDroid has many other capabilities, including keylogging, credit card and email grabbing, SMS sending and interception, conversation and screenshot recording, and stealing data from mobile wallets, such as QIWI.

Responders on the forums have been fairly skeptical of the malware, particularly because of how tough it is to infect iOS, but perhaps more because of how challenging it is to code a trojan that can impact two entirely different operating systems.

But it may not be impossible.

“There has been cross-platform malware in the past; however, it was usually a name for several components that were specific to the operating system and were loosely combined, or was using languages [such as] Java,” Assaf Keren, CTO of SenseCy, told on Monday.

Keren said that he cannot comment on whether iDroid actually does any of what it claims because technical analysis of the trojan has yet to be concluded, but after seeing a video that details much of the malware's offerings, he said it is likely that iDroid does at least some of what it asserts.

“The seller is very reputable in the underground – that makes it less likely to be a scam,” Keren said. “In these areas, if you're caught scamming and lying, you'll probably be kicked out and your revenue stream will stop.”

Version 0.8 of iDroid, said to be in the works, would add a utility for writing Zeus-like injections into banking and payment system applications, as well as enable automatic injections into 56 banking applications and automatic delivery of the trojan via Bluetooth, according to the post.

[An earlier version of this story reversed the iOS and Android versions that were impacted.]