Malware Is Still Spying On Android After Your Mobile Is Off

As posted on the AVG blog, a new piece of Android Malware has been found.

After pressing the power button, you will see the real shutdown animation, and the phone appears off. Although the screen is black, it is still on.

While the phone is in this state, the malware can make outgoing calls, take pictures and perform many other tasks without notifying the user.

How does this happen?

First, we have to analyze in detail, the shutting down process.

On Android devices, when the power off button is pressed it will invoke the interceptKeyBeforeQueueingfunction of the class interceptKeyBeforeQueueing.interceptKeyBeforeQueueing will check if the power off button is pressed and go to certain process.

Malware Is Still Spying On You After Your Mobile Is Off.

Investigating Malware Pawn Storm for iPhone

As posted on the Fortinet Blog!

What does the malware do?

To summarize the malware’s goals, it fetches commands via HTTP GET from a remote C&C, and uploads information via HTTP POST. The command it recognizes are listed in the table below.

0 Get Info Device

1 Start Record

2 Get Audio File

3 Get Contact List

4 Current Location

5 Get Installed Apps

6 Wifi Status

7 Get all Pictures from Photo Library

8 List a given directory

9 Get a given file

10 Get process list

11 Get SMS

The code shows a few interesting things:

via Investigating on Pawn Storm for iPhone | Fortinet Blog.

Bank Hackers Steal Millions via Malware

PALO ALTO, Calif. — In late 2013, an A.T.M. in Kiev started dispensing cash at seemingly random times of day. No one had put in a card or touched a button. Cameras showed that the piles of money had been swept up by customers who appeared lucky to be there at the right moment.

BankMalware

But when a Russian cybersecurity firm, Kaspersky Lab, was called to Ukraine to investigate, it discovered that the errant machine was the least of the bank’s problems.

via Bank Hackers Steal Millions via Malware – NYTimes.com.