
MalBus

Posted: March 9, 2020

MalBus is an advanced Android Trojan that is unlikely to be used against regular users on purpose. Still, it is entirely possible that average Android device owners may end up with the MalBus Trojan on their devices. According to cybersecurity experts, the functionality of MalBus is evidence that it is likely to be used against high-ranking government and military officials: some of its features are dedicated to discovering files and text that contain specific keywords such as 'major,' 'general,' 'colonel,' 'Defense Security Command,' 'National Assembly,' 'Ministry of Unification' and others.

Further evidence that MalBus is likely to be used in targeted attacks is that its authors have opted to disguise it as a plugin for transportation applications that are popular in South Korea. All of the corrupted, fake plugins were found on the Google Play Store, so it is safe to say that the criminals behind the MalBus project have worked out a way to get around Google Play Store's security mechanisms.

Once the fake application has been started, it will connect to a remote server and proceed to download an additional payload that MalBus needs to function. After this step is complete, the Trojan may spawn a prompt that asks the victims to log in to their Google Account. This prompt is fake, and entering login credentials in it will expose them to the attacker. However, misappropriating a Google Account is certainly not MalBus' only purpose.

MalBus is Spread to South Koreans by Fake Transportation Application Plug-ins

The threat features a fully functional Android Trojan that can accept and execute commands that the attackers send out from one of the Command and Control servers. Surprisingly, the control servers are situated in different parts of the world, and it is likely that the attackers switch between them regularly. Some of them are found in Turkey, Chile, Lithuania, South Korea, Azerbaijan, and Papua New Guinea. The MalBus Trojan supports a wide range of commands such as:

  • Transfer a file from the compromised device to the control server.
  • Upload a file from the control server to the compromised device.
  • Compress and download the contents of entire directories.
  • Run remote commands.
  • Self-destruct.
  • List installed Android applications.
  • Fetch hardware and software device information.

The MalBus Trojan is a high-profile threat that is likely to be used for long-term reconnaissance and data-theft attacks. While its authors are likely to be interested only in the phones owned by high-ranking government and military officials, it is possible that many other people may end up accidentally infecting their smartphones or tablets with the MalBus Trojan.

To protect your Android devices from threats like this one, you should use a regularly updated and reliable anti-malware software suite.
