Anti-virus company Symantec has discovered a new Trojan horse for the operating system Android, which modifies the code each time it is downloaded in order to avoid detection by security tools. Symantec said that the technology “server polymorphism” has previously been used by malicious software, but so far – only in case of malicious software for desktop computers. Now, this concept is optimized for mobile malicious. unusual mechanism of modification of the code runs on a server distribution from which the Trojan is being spread, and is responsible for the modification of certain modules of the Trojan, to ensure that each recipient receives a unique set of program code.
This mechanism differs from the local polymorphism, when the code is updated every time you start the program. In Symantec say they have found several variants of this Trojan, and define a new family, as Android. Opfake, all of which are distributed from servers in Russia. Malicious software contains the instructions to automatically send SMS-messages to premium short codes in several countries of the CIS and Europe. According to antivirus experts, many of today’s mobile anti-virus software relies mainly on static signatures and detection codes is continually modified to the complexity of such decisions. Even more difficult to detect if the code is modifiable database is large enough to modify more than half of the Trojan.In this case, the code can be detected, as a rule, only the behavioral mechanisms. ”If the manufacturer takes anti-virus solution as a basis for detecting non-modifiable part of the Trojan, the detection of problems should not arise. However, in today’s case, the Trojan modifies the executable part,” – says Tim Armstrong, a specialist anti-virus “Kaspersky Lab”. According to him, in the future on the basis of polymorphic technologies will create more and more malicious code.