Security researchers from Kaspersky say they’ve identified the first Tor-based Android Trojan. The threat, dubbed Backdoor.AndroidOS.Torec.a, uses the anonymization network to hide its communications.
According to experts, Torec.a relies on Orbot, an open source Tor client for Android mobile devices.
The Trojan uses Orbot's functionality to receive commands from the C&C server. The list of commands includes intercepting incoming SMS messages, stealing incoming SMS messages, retrieving information on the phone and the installed applications, and sending SMS messages to a specified number.
Using Tor for C&C has some advantages, mainly that the communications infrastructure is more difficult to disrupt. On the other hand, experts highlight that the malware developers wrote more code to implement Tor support than they did for the Trojan’s own functionality.
Additional details on Backdoor.AndroidOS.Torec.a are available on Kaspersky’s blog (report in Russian).