• Welcome to Free PC Help, a free PC Help forum to get help with your computer problems.

    Free PC Help is a community that offers free computer help and support for all users, all ages, worldwide.

    In order to start asking questions or contribute on someone else's post you will first need to register. Don't worry - it's quick and easy and once you have registered you will have instant access to the entire forum.

    If you do decide to join the forums you will not have the option to send Private Messages [ PMs ] or add a Signature until you have made 5 posts or more. This is an attempt to try to stop Spammers using the PM system or adding links to their Signature.

New Android Virus Extracts Your Facebook, Skype, Telegram Messages

  • Thread starter
  • Admin
  • #1


Admin & Security Team
Feb 19, 2010
Midlands, UK
PC Experience
Very Experienced
Security company warns of new Android malware in the wild


Android devices are being targeted by a new form of malware that is specifically aimed at stealing private conversations on IM applications like Facebook Messenger, Skype, Telegram, Twitter, Viber, and others.

The malware, which was detected by Trustlook (via FossBytes), has the capabilities to modify the “/system/etc/install-recovery.sh” file in order to start at every boot, thus making sure that it can extract instant messaging data even if the device is restarted.

The first infected application is called Cloud Module and is spreading in China as package name com.android.boxa.
It hasn’t yet reached the Google Play Store, and most likely the malware is supposed to target devices using non-store distribution tactics, such as email and downloads from third-party hosting sites.

Chats uploaded to remote server

In other words, Android users who only install apps from the Google Play store should be safe.
While Android security solutions could detect the Trojan, Trustlook warns that the malware was designed to avoid detection, including anti-emulator and debugger detection techniques that make it possible to bypass dynamic analysis.

Code obfuscation/hiding increases the malware author’s ability to avoid detection and becomes a sophisticated challenge to anti-virus software,” Trustlook notes in its analysis

Once the malware manages to compromise an Android device, it automatically looks for conversations in the said applications.
The data is extracted and then sent to a remote server.
The security vendor says the server’s IP address is mentioned in the malware configuration file, allowing the Trojan to operate without any further command send by the author.

The full list of instant messaging apps that are being targeted by the malware is available below, and keep in mind that as long as you stick with legitimate download sources for Android apps, this new form of malware is highly unlikely to compromise your device.
Also, if you’re running third-party security software, updating it should help block any possible intrusion.


New Android Virus Extracts Your Facebook, Skype, Telegram Messages


May 17, 2009
Illinois U.S.A.
PC Experience
Elite PC Guru
I am seeing a trend where hackers are leaving Microsoft alone for the most part and spending that time on the most popular phone OS.
Top Bottom