Malwarebytes has just discovered that the Dropper RealShell, a bad intentioned program that installs harmful files without user consent, has just won a fairly significant update. According to a post of the security company blog, the new version of trojan dropper is able to bypass traditional defenses of your Android.
“All Android Application Package (APK) has features within it. These resources are folders and files required for the program to run in a functional way. There are two optional folders across APK, one of them is called” raw “, which is located in a folder called “res” that always exists. The other optional folder is called “Assets” and is the root of the program, almost all trojan droppers work putting harmful files in one of two folders. “
The new threat uses an atypical and complex file library, which has not been detected by Android’s defenses, they are installed using a very different technique.
“Instead of having all the saved APK, she builds gradually, concatenating the files in a single thing over time. The files it uses are stored in the” Assets “but mean nothing when installation, they do not seem usable only scratch files or trash, just looking more deeply into their code you can understand your intent. “
For now, the Malwarebytes did not find any infected file with the new dropper in the Google Play applications and other traditional places. This means that the only way for your system at risk is unknown origin using other stores, which was already essentially dangerous before this discovery, it is also always good to remember just download business files that you trust and never fall into pranks applications that claim to be what they are not.
No comments:
Post a Comment