Android.Xiny trojan receives upgrade

September 27, 2016

A new version of the Andoid.Xiny trojan that can now root a device to gain admin privileges and that is harder to uninstall has been spotted by security researchers.

The latest mutation called Android.Xiny.60 was spotted by the Russian cyber researcher Doctor Web. The main upgrade noted was that the malware no longer has to trick its victims into giving it admin permissions, but instead roots the device and takes what privileges needs. Once on the device Android.Xiny.60 extracts the malicious components from its resource folder and copies them into the following directories:

/system/xbin/igpi;
/system/lib/igpld.so;
/system/lib/igpfix.so;
/system/framework/igpi.jar.

The malicious code then waits for one of several actions to take place, home screen activation, charger connection or change in network connection before it attempts to connect to its command and control server. When this is done it downloads stolen data to include MAC address, OS version, mobile device model and system language.

Android.Xiny trojan receives upgrade

Related

Brain Implants, Volt Typhoon, CosmicEnergy, OAuth, ILoveYou , Aaran Leyland, and More – SWN #301

Leaked LockBit, Babuk code leveraged by Buhti ransomware operation

CosmicEnergy malware poses ‘plausible threat’ to electric grids, researchers warn

Related Events

EMOTET Exposed: Inside the Cybercriminals’ Supply Chain

Email Emergency: Steering Clear of Phishing and BEC Scams

Ransomware & Data Exfiltration: A survival guide to prevention & response

Get daily email updates