Trojan:Linux/Stiniter.A
First posted on 30 May 2012.
Source: Microsoft
Aliases:
Trojan:Linux/Stiniter.A is also known as Android.Tgloader (Dr.Web), Android/Stiniter.A (ESET), Backdoor.AndroidOS.Stiniter.a (Kaspersky), Android.Stiniter (Symantec), Backdoor.AndroidOS.Stiniter.G (VirusBuster).
Explanation:
Trojan:Linux/Stiniter.A is a trojan component of Trojan:AndroidOS/Stiniter.A and performs functions that lower the security of your Android device.
Installation
Trojan:Linux/Stiniter.A is installed by Trojan:AndroidOS/Stiniter.A and is present as the following files on your affected Android device:
- /data/data/android.gdwsklzz.com/start
- /data/data/android.gdwsklzz.com/initr
- /data/data/android.gdwsklzz.com/ts
- /data/data/android.gdwsklzz.com/keeper
- /data/data/android.gdwsklzz.com/unlock.apk
Payload
Lowers security
Trojan:Linux/Stiniter.A could perform the following actions:
- Root the device
- Install other Stiniter trojan components
- Escalate privileges by mounting the system driver
- Disable the keylock service
- Prevent the device from going into "sleep" mode
- Communicate with one of the following command and control servers to receive other payload instructions or to send data:
  - vhunjie.com/tgloader-android
  - vshenhuo.com/tgloader-android
  - vyidong.com/tgloader-android
  - vliulan.com/tgloader-android
Analysis by Tim Liu
Last update 30 May 2012