A report published by a cyber-security firm, Trustlook described the new trojan as a simple one with abilities. The trojan tries to modify the “/system/etc/install-recovery.sh” file to enable its execution each time you opened the app.
It looks like the primary purpose of this malware is to steal data from messaging apps then will be later uploaded to a remote server.
Since the Android Trojan’s objective is to steal data, it is possible that its authors are trying to collect sensitive data through private conversations, images, and videos that could later be used for extortion. It is still not clear how this malware gets distributed but Trustlab researchers spotted this malware inside a Chinese app named Cloud Module with the package name com.android.boxa.
The malware collects information from the following apps:
Voxer Walkie Talkie Messenger
Gruveo Magic Call
TalkBox Voice Messenger
(Photo source: unsplash.com / pexels.com / Facebook – @Infochat.news)