Backdoor.AndroidOS.Torec.a: First Tor-Based Trojan for Android

List of commands sent to Orbot-powered Android Trojan

Security researchers from Kaspersky say they’ve identified the first Tor-based Android Trojan. The threat, dubbed Backdoor.AndroidOS.Torec.a, uses the anonymization network to hide its communications.

According to experts, Torec.a relies on Orbot, an open source Tor client for Android mobile devices.

The Trojan uses Orbot's functionality to receive commands from its C&C server. The list of commands includes intercepting incoming SMS messages, stealing incoming SMS messages, retrieving information on the phone and the installed applications, and sending SMS messages to a specified number.

Using Tor for C&C has some advantages, mainly that the communications infrastructure is more difficult to disrupt. On the other hand, experts highlight that the malware developers wrote more code to implement Tor support than they did for the Trojan’s own functionality.

Additional details on Backdoor.AndroidOS.Torec.a are available on Kaspersky’s blog (report in Russian).
