Malicious App - Windseeker (Advanced Injection And Hooking Technique)

Very recently, our friends at Lacoon Mobile Security discovered a malicious app that implements advanced injection and hooking techniques. It raises eyebrows because it brings to mobile malware the same kind of malicious routines seen in PC-based malware.


Eavesdrop:

The main function of Windseeker is to eavesdrop on Chinese Instant Messenger (IM) chats. It targets rooted Android devices.


Threats:

Instant chat on handheld devices such as Android phones is now at its peak, and threat actors are now targeting the users who chat on these devices.

Lacoon describes it as follows:
"Windseeker runs on rooted Android devices and enables the remote monitoring of two popular Instant Messaging (IM) apps, developed by Tencent (one of the largest Chinese Internet service portals):
  1. WeChat – A globally-used messaging app boasting 100,000,000-500,000,000 downloads in the Google’s Play Store.
  2. QQ – Mainly a Chinese-regional messaging app boasting ~800,000,000 users (a total of all mobile platforms, not just Android).
While this tool is intended for use in China due to the intended targets as Chinese instant messaging apps (WeChat and QQ) and monitored chats being in Chinese, it’s important to understand that this type of threat could be implemented anywhere."


How does Windseeker work?

Using process-monitor threads, Windseeker identifies whether the instant messenger is running. It then hooks the messenger by injecting malicious code into its process and starts to spy on the IM chats: when the app calls an API that has already been hooked, the call is intercepted, which results in the spying. This is the overall picture of Windseeker's malicious activity.
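A defender can look for the side effect of the injection step described above: executable memory in the messenger's process that does not come from the platform or from the app's own install directory. The following is an added example, not code from Lacoon's report or from this post. It is a generic heuristic over `/proc/<pid>/maps` output rather than a Windseeker-specific signature, and the package name, library names and trusted-path list are constructed assumptions.

```python
import re

# One /proc/<pid>/maps line: range, perms, offset, dev, inode, optional path.
MAPS_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxsp-]{4})\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$"
)

# Assumption: locations a stock app legitimately maps executable code from.
TRUSTED_PREFIXES = ("/system/", "/vendor/", "/apex/")

# Constructed sample (not captured from a real device) for a hypothetical
# messenger package "com.example.im".
SAMPLE_MAPS = """\
70a1000000-70a1200000 r-xp 00000000 fd:00 1234 /system/lib64/libc.so
70a2000000-70a2100000 r-xp 00000000 fd:02 5678 /data/app/com.example.im-1/lib/arm64/libchat.so
70a3000000-70a3010000 r-xp 00000000 fd:02 9012 /data/local/tmp/libinj.so
70a4000000-70a4001000 rwxp 00000000 00:00 0
70a5000000-70a5001000 rw-p 00000000 00:00 0 [heap]
"""


def suspicious_mappings(maps_text, package):
    """Return (range, perms, path, reason) for executable mappings that come
    from neither the platform nor the app's own install directory."""
    own_code = re.compile(r"^/data/app/(?:[^/]+/)?" + re.escape(package) + r"-[^/]+/")
    findings = []
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not maps entries
        start, end, perms, path = m.groups()
        if "x" not in perms:
            continue  # only executable memory can host injected code
        rng = f"{start}-{end}"
        if path.endswith(" (deleted)"):
            findings.append((rng, perms, path, "executable file deleted after mapping"))
        elif path.startswith("/"):
            if not path.startswith(TRUSTED_PREFIXES) and not own_code.match(path):
                findings.append((rng, perms, path, "code loaded from outside app/platform dirs"))
        elif "w" in perms and path not in ("[vdso]", "[vectors]"):
            findings.append((rng, perms, path or "<anonymous>", "writable and executable memory"))
    return findings


if __name__ == "__main__":
    for finding in suspicious_mappings(SAMPLE_MAPS, "com.example.im"):
        print(finding)
```

Runtime JIT code caches can also show up as writable or deleted executable mappings, so findings need to be compared against a baseline taken from a known-clean device before they are treated as evidence of injection.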


It is up to users to be aware of what they install on their devices; otherwise their privacy is at risk.

Regards,



Comments

Anonymous said…
Nice article... thanks for sharing :)
