Suspense detective blockbuster of the year: 360 reveals the "Seven Deadly Sins" of the third-generation "Elder Trojan"

Source: Internet
Author: User
Recently, the third generation of the "Elder Trojan", which has infected millions of mobile phones, came to light. It replaces system files on the phone, downloads a large number of malicious programs, and is extremely difficult to remove, which has earned it the name of the mobile phone "Ebola". On November 24, the 360 Internet Security Center released a technical report disclosing the whole process of tracking down the third-generation Elder Trojan, a process that reads like a detective blockbuster. In the end, the trail led to another Trojan family behind it: the "big drug lords".

[Figure: 360 Internet Security Center tracks two Trojan families]

The flashlight: the first tip of the iceberg

Recently, applications such as "Flashlight" and "Calendar" have "inexplicably" appeared on many users' Android phones, and they cannot be uninstalled without root. Even when they are uninstalled with root permission, they reappear before long. According to the 360 Internet Security Center, millions of "sick phones" are in a similar situation.

[Figure: "Flashlight" and "Calendar" inexplicably appear on a user's phone]

The culprit: the third-generation "Elder Trojan" sneaks into the phone system

After feedback from a large number of users and a detailed analysis, the 360 Internet Security Center found that the culprit is the third generation, the latest variant of the "Elder Trojan" (fakedebuggerd) family. The Trojan replaces the Android system file /system/bin/debuggerd with a malicious file of the same name and secretly downloads ELF files, which automatically release and install the maliciously tampered flashlight and calendar applications on the phone. In addition, the third-generation Elder Trojan hides its own process and writes back file modification times, which makes it much stealthier.

The third-generation Elder Trojan checks whether the maliciously tampered flashlight and calendar applications are still present on the phone. If they have been uninstalled, it connects to the network again to download and install them, which is why these programs reappear after many users uninstall them.

The Trojan's host, "provincial power experts", surfaces

Where on earth does the third-generation Elder Trojan come from? By analyzing the range of infected phone models, the 360 Internet Security Center found that it does not ship with the ROM and should instead be released by an installed program. Further testing and reproduction based on user feedback finally brought the "culprit" to the surface: "provincial power experts". The class names and strings in the maliciously tampered "provincial power experts" are heavily obfuscated and encrypted, which increases the difficulty of static analysis. At runtime it releases a Seed.jar file, and this file is the true host of the third-generation Elder Trojan.

The root: thousands of software installation packages carry Seed.jar

The 360 Internet Security Center's analysis found that a phone becomes infected with the third-generation Elder Trojan as soon as the malicious file Seed.jar is loaded and run. Seed.jar spreads by masquerading as common software and through downloads over the "TJ" advertising network. Samples in these two categories number 1000, which is why the infection count of the third-generation Elder Trojan is so high. Also, compared with earlier versions of Seed.jar, the execution flow has developed from "linear" into a "net", and its use of encryption has gone from "naked" to "unrecognizable".

Transmission path of the "big drug lords" family exposed

While analyzing the full infection and propagation chain of the third-generation Elder Trojan, the 360 Internet Security Center uncovered another malicious Trojan family, the "big drug lords" (TROJAN.DROPPER.ANDROID.FAKEINFO.A). This family applies two layers of encryption to its exploit files and malicious APK packages and uses malicious samples as its medium of propagation. It also secretly triggers fee deductions under cloud control.

360 mobile security experts pointed out that behind the third-generation Elder Trojan and the "big drug lords" Trojan families is a huge mobile virus manufacturing group. It uses a variety of encryption methods and professional obfuscation tools to evade security detection, so the Trojans hide deeper in the phone and are harder to remove.

The 360 Internet Security Center suggests that app developers screen carefully when embedding ads, so as not to embed malicious advertising plug-ins and bring unnecessary losses to their own software and users. Advertising networks should strengthen their review of the software they promote and leave malware no opening to spread. Mobile phone users should download and install apps through legitimate channels and install professional security software with security monitoring turned on.
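The report says the Trojan swaps /system/bin/debuggerd for a same-named file and writes the modification time back. The check below is an added example, not code from the 360 report; it assumes the system partition is mounted or inspected on a POSIX filesystem and that a known-good SHA-256 is available from the stock firmware for that exact build. The function names and sample file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile
import time


def sha256_file(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_system_binary(path, known_good_sha256, slack_seconds=60):
    """Return findings for one file, e.g. system/bin/debuggerd in a mounted image."""
    findings = []
    st = os.stat(path)
    # Authoritative check: content must match the stock firmware build.
    if sha256_file(path) != known_good_sha256.lower():
        findings.append("hash-mismatch")
    # Heuristic: utime() can put mtime back, but the kernel then sets ctime to
    # "now". OTA updates also cause this gap, so treat it as a lead, not proof.
    if st.st_ctime - st.st_mtime > slack_seconds:
        findings.append("mtime-older-than-ctime")
    return findings


def demo():
    """Constructed sample: a stand-in file is replaced and its mtime restored."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "debuggerd")
        with open(path, "wb") as f:
            f.write(b"constructed stand-in for the stock binary")
        known_good = sha256_file(path)  # in practice: taken from stock firmware
        clean = check_system_binary(path, known_good)
        original_mtime = time.time() - 365 * 24 * 3600
        with open(path, "wb") as f:
            f.write(b"constructed stand-in for a same-named replacement")
        os.utime(path, (original_mtime, original_mtime))
        tampered = check_system_binary(path, known_good)
    return clean, tampered


if __name__ == "__main__":
    print(demo())
```

A file pulled off the device with a copy tool gets a fresh ctime, so the timestamp heuristic is only meaningful on the device itself or on a mounted image; the hash comparison works either way.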