SHA1: 36cb23ad887d1abd81bb34ad74c3806c1dbb7241
Android.BackDoor.44 is an executable UNIX file designed to run on Android mobile devices. It is incorporated into Android.Backdoor.260.origin as an additional module.
Once launched, the Trojan activates the libsleep4.so library (Android.BackDoor.46) and the libstay2.so library (Android.BackDoor.43) that are also embedded into Android.Backdoor.260.origin.
It can execute the following commands:
- DOW—download a file from the server
- UPL—upload a file to the server
- PLI, PDL, SDA—update malicious modules and settings
- DIR—get the list of files residing in the specified folder
- DTK—write the contents of the specified folder into a file
- OSC, STK—run a search for the specified file or folder
- OSF—abort the search for the specified file
- DEL—delete the specified file
- SCP—take a screenshot
- BGS—activate the microphone and start recording
- GPRS—start tracking GPS coordinates
While some commands are executed by Android.BackDoor.44 on its own, other commands are carried out with the help of other malicious libraries incorporated into Android.Backdoor.260.origin. The libraries communicate with each other through UNIX sockets.