MalBus

MalBus Description

The MalBus malware is a high-end Trojan designed specifically to target Android devices. According to cybersecurity experts, the MalBus Trojan was likely designed to target military officials and high-ranking political figures. However, this does not mean that regular Android users are not at risk as well.

The MalBus Android Trojan is designed to sniff out specific phrases and keywords: ‘general,’ ‘colonel,’ ‘major,’ ‘National Assembly,’ ‘Defense Security Command,’ ‘Ministry of Unification,’ etc. It is likely that the creators of the MalBus Android Trojan are targeting government officials in South Korea, as the threat is propagated as a plugin that works in cooperation with various transportation applications popular in the region. It is clear that the attackers know what they are doing, as they have even managed to bypass the security measures on the Google Play Store: all the applications linked to the MalBus Trojan were hosted on the official Android platform.

As soon as the MalBus threat compromises the targeted device, it connects to the attackers’ C&C (Command & Control) server. The MalBus Trojan then displays a fake prompt that urges the user to fill in their Google account login credentials. Users who fill in the details hand the attackers their username and password, and, consequently, their Google account is hijacked.

The MalBus Trojan is also capable of executing remote commands provided by the attackers. The C&C servers of the creators of the MalBus Trojan are located in several countries. It would appear that the attackers have servers located in Chile, South Korea, Turkey, Lithuania, Papua New Guinea and Azerbaijan. The MalBus threat is capable of:

  • Running remote commands.
  • Listing the installed applications on the compromised device.
  • Uploading a file from the C&C server to the infected device.
  • Downloading a file from the infected device to the C&C server.
  • Compressing and collecting directories present on the device.
  • Gathering information regarding the hardware and software of the device.
  • Self-destructing.

The MalBus Trojan was clearly created for reconnaissance purposes. To protect your Android device from threats like the MalBus Trojan, it is best to acquire a reputable mobile anti-virus application that will keep your phone and your data protected.