FOR USERS

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Virus library

An analysis of the technologies used by cybercriminals allows us to draw conclusions about the virus industry’s possible vectors of development and more effectively confront future threats. You, too, can learn what actions various malicious programs take in infected systems and how to withstand them.

Android.Gongfu in virus library:

A family of malicious programs for Android mobile devices. The malware can be incorporated into legitimate applications and games and can be distributed through various websites that host software and via Internet forums. These malicious programs can launch automatically on system startup. Moreover, they can gather various device-related information (for example, phone number, IMEI, device model, and OS version) and send it to a remote server.

The Trojans belonging to this family can install another malicious application on the compromised device. This application is, in fact, a backdoor that runs in background mode and can execute commands received from the command and control server. To install the backdoor without user knowledge, the malware exploits various Android vulnerabilities that help acquire root privileges. In order to get elevated privileges, these Trojans use exploits stored in their bodies.

However, later versions of Android.Gongfu Trojans utilize a different routine that looks as follows: instead of using exploits, they employ social engineering methods to force their victims grant these malicious programs necessary privileges.

Moreover, some modifications of Android.Gongfu have features—previously executed in Dalvik—implemented using Linux-native code. As a result, these Trojans do not need to download any additional applications.

Vulnerabilities for Android

According to statistics, every fifth program for Android contains a vulnerability (or, in other words, a "loophole") that lets cybercriminals successfully introduce Trojans onto mobile devices and manipulate them into doing whatever actions they need them to.

Dr.Web Security Auditor for Android diagnoses and analyses a mobile device’s security and offers solutions to address security problems and vulnerabilities.

The Russian developer of Dr.Web anti-viruses
Doctor Web has been developing anti-virus software since 1992
Dr.Web is trusted by users around the world in 200+ countries
The company has delivered an anti-virus as a service since 2007
24/7 tech support

Dr.Web © Doctor Web
2003 — 2021

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125124