Virus library
An analysis of the technologies used by cybercriminals allows us to draw conclusions about the virus industry’s possible vectors of development and more effectively confront future threats. You, too, can learn what actions various malicious programs take in infected systems and how to withstand them.
Program.SecretVideoRecorder in virus library:
Program.SecretVideoRecorder is the detection name for various modifications of specialized application that allows background video recording through built-in cameras on Android devices. The app is not malicious, but it can operate covertly. That makes it a potential cyber espionage tool if malicious actors install it onto potential victims’ devices. For example, it allows to:
- Change notification contents about ongoing video recording or turn them off entirely
- Replace the app’s icons and their title with fake ones, making the app less noticeable for the device owner
- Add geolocation data (geotags) to recording videos
- Hide created videos from other apps, like the default gallery app
- Create a schedule to automatically start recording
- Protect the app with the password
App’s password protection and main screen:
An example of substituting the app’s visible icons:
An example of substituting a notification about video recording:
Vulnerabilities for Android
According to statistics, every fifth program for Android contains a vulnerability (or, in other words, a "loophole") that lets cybercriminals successfully introduce Trojans onto mobile devices and manipulate them into doing whatever actions they need them to.
Dr.Web Security Auditor for Android diagnoses and analyses a mobile device’s security and offers solutions to address security problems and vulnerabilities.
