CarbonSteal


By GoldSparrow in Malware

CarbonSteal is the name of a nasty malware that goes after Android devices. Malware researchers first spotted this threat in 2018. Upon dissecting and studying the threat, security experts found that the CarbonSteal malware is rather similar to two other Android threats dubbed SilkBean and DoubleAgent. All three of these threats appear to be concentrated in the Chinese region.

Security researchers who studied the CarbonSteal threat have come across several variants of this malware. This indicates that CarbonSteal is part of an ongoing campaign, since its creators have introduced several updates to it. Some of the latest copies of the CarbonSteal threat appear to be rather advanced. The newest iterations of this threat are able to avoid detection and gain persistence on the compromised host. Once the CarbonSteal malware infects a device, it gradually initializes its different modules, which come in separate APKs (Android Packages). An important feature of the CarbonSteal threat is that it does not need to be connected to the Internet to run. The threat keeps functioning even if the compromised Android device is not connected to Wi-Fi and does not use mobile data to connect to the Web, because the operators of the CarbonSteal malware can control it via phone calls and text messages.

The main goal of the CarbonSteal threat is to obtain information from its victims. Once it compromises the targeted Android device, the CarbonSteal malware will allow its creators to:

  • Determine the location of the victim by using the GPS sensor.
  • Monitor and obtain MMS and SMS messages.
  • Use the device’s microphone to record audio.
  • Obtain the call logs of the victim.
  • Obtain certain files utilized by popular Chinese applications such as MiCode and QQ.
  • Collect software data – installed applications, Android version, active applications and settings.
  • Collect hardware data – CPU and disk information.

The CarbonSteal malware mainly targets users located in China. The CarbonSteal threat appears to be propagated via adult games, fraudulent VPN clients, chat applications, Android configurators, etc. Make sure your Android device is protected by a reputable anti-malware application and avoid dodgy content.
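Because the control channel described above runs over calls and texts rather than the network, a permission review is one place a defender can look. The following is an added example, not part of the original article or of any vendor's tooling: it flags installed packages that combine a call/SMS trigger permission with several of the collection capabilities listed above. It assumes input in the text form printed by `aapt dump permissions`; the package names, sample data and the two-category threshold are constructed for illustration, and the result is a triage heuristic, not a CarbonSteal signature.

```python
import re

# Capabilities from the list above, mapped to real Android permission names.
COLLECTION = {
    "location": {"android.permission.ACCESS_FINE_LOCATION"},
    "messages": {"android.permission.READ_SMS", "android.permission.RECEIVE_MMS"},
    "audio": {"android.permission.RECORD_AUDIO"},
    "call_log": {"android.permission.READ_CALL_LOG"},
}
# Permissions that let an app react to incoming texts or calls without a data link.
TRIGGERS = {"android.permission.RECEIVE_SMS", "android.permission.READ_PHONE_STATE"}
PKG_RE = re.compile(r"^package:\s*(\S+)")
PERM_RE = re.compile(r"^uses-permission:\s*(?:name=')?([\w.]+)")

def parse_listing(text):
    """Return {package: set(permissions)} from aapt-style permission dumps."""
    apps, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := PKG_RE.match(line):
            current = apps.setdefault(m.group(1), set())
        elif (m := PERM_RE.match(line)) and current is not None:
            current.add(m.group(1))
    return apps

def audit(apps, min_categories=2):
    """Flag apps holding a text/call trigger plus several collection capabilities."""
    findings = []
    for pkg, perms in sorted(apps.items()):
        triggers = sorted(p.rsplit(".", 1)[1] for p in perms & TRIGGERS)
        collects = sorted(c for c, names in COLLECTION.items() if perms & names)
        if triggers and len(collects) >= min_categories:
            findings.append({"package": pkg, "triggers": triggers, "collects": collects,
                             "has_internet": "android.permission.INTERNET" in perms})
    return findings

# Constructed sample input (hypothetical package names, not real indicators).
SAMPLE = """\
package: com.example.vpnhelper
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.READ_CALL_LOG'
package: com.example.maps
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
package: com.example.dialer
uses-permission: android.permission.READ_PHONE_STATE
uses-permission: android.permission.READ_CALL_LOG
"""
```

Calling `audit(parse_listing(SAMPLE))` returns one finding, for the constructed `com.example.vpnhelper` package; a `has_internet` value of `False` on a flagged app is worth a closer look, since such an app can only be driven through the call and text path.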

