Android.Xiny trojan receives upgrade


A new version of the Android.Xiny trojan, which can now root a device to gain admin privileges and is harder to uninstall, has been spotted by security researchers.

The latest mutation, called Android.Xiny.60, was spotted by the Russian cyber researcher Doctor Web. The main upgrade noted was that the malware no longer has to trick its victims into giving it admin permissions; instead it roots the device and takes whatever privileges it needs. Once on the device, Android.Xiny.60 extracts the malicious components from its resource folder and copies them into the following directories:

  • /system/xbin/igpi;
  • /system/lib/;
  • /system/lib/;
  • /system/framework/igpi.jar.

The malicious code then waits for one of several actions to take place (home screen activation, charger connection or a change in network connection) before it attempts to connect to its command and control server. When this is done, it downloads stolen data, including the MAC address, OS version, mobile device model and system language.
