The screenshot on this page shows that they've included the Orbot source itself right into the app. +1 for open-source, -1 for sneaky malware using .Onion C&C's.
http://www.securelist.com/ru/blog/207769023/Pervyy_TOR_troyanets_pod_Android

(Google translation below)

The first Tor Trojan for Android

Roman Unuchek, Kaspersky Lab expert
Published February 24, 2014, 13:09 MSK
Topics: Threats to mobile devices, Google Android

Virus writers who create Android Trojans traditionally use the functionality of Windows malware as a model. Now another "trick" of Windows Trojans has been implemented on Android: we found the first Android Trojan that uses a domain in the .onion pseudo-zone as its C&C. Thus, the Trojan uses the anonymous network Tor, built on a network of proxy servers. In addition to providing user anonymity, Tor allows "anonymous" sites, accessible only within Tor, to be hosted in the .onion domain zone.

Backdoor.AndroidOS.Torec.a is a variation of the popular Tor client Orbot. The attackers added their own code to this application; the Trojan does not impersonate Orbot, it simply uses the functionality of the client.

The Trojan can receive the following commands from the C&C:

- start / stop intercepting incoming SMS
- start / stop the theft of incoming SMS
- make a USSD request
- send data about the phone to the C&C (the phone number, country, IMEI, model, version of OS)
- send the list of applications installed on the mobile device to the C&C
- send an SMS to the number specified in the command

Using Tor has its pros and cons for the attackers. Among the advantages is that such a C&C cannot be shut down. The disadvantages include the need for additional code. For Backdoor.AndroidOS.Torec.a to be able to use Tor, it took much more code than for its own functionality.

--
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
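Added example, not part of the original post or of the Kaspersky article: a static triage check that maps the command list above to the Android permissions those commands need and flags an APK that both bundles a Tor client and requests SMS permissions. The command-to-permission mapping, the Tor file-name heuristic, the sample manifest and the entry list are assumptions constructed for illustration, not values taken from the Torec.a sample.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Commands from the article mapped to the Android permission each needs.
# Assumption: mapping derived from the Android platform, not from the sample.
COMMAND_PERMISSIONS = {
    "intercept/steal incoming SMS": "android.permission.RECEIVE_SMS",
    "send SMS": "android.permission.SEND_SMS",
    "make USSD request": "android.permission.CALL_PHONE",
    "send phone data (number, IMEI)": "android.permission.READ_PHONE_STATE",
}

def requested_permissions(manifest_xml):
    """Permissions declared in a decoded (text) AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml.strip())
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}

def bundles_tor(apk_entries):
    """Hypothetical heuristic: a packaged file named 'tor' or 'libtor*'."""
    names = (e.rsplit("/", 1)[-1].lower() for e in apk_entries)
    return any(n == "tor" or n.startswith("libtor") for n in names)

def triage(manifest_xml, apk_entries):
    perms = requested_permissions(manifest_xml)
    enabled = sorted(c for c, p in COMMAND_PERMISSIONS.items() if p in perms)
    # A Tor client has no reason to touch SMS; that combination is the signal.
    suspicious = (bundles_tor(apk_entries)
                  and "android.permission.INTERNET" in perms
                  and any("SMS" in c for c in enabled))
    return {"enabled_commands": enabled, "suspicious": suspicious}

# Constructed sample input (package name and file list are made up).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>
"""
SAMPLE_ENTRIES = ["AndroidManifest.xml", "classes.dex", "res/raw/tor"]

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_ENTRIES))
```

The decoded manifest text is the kind of output a tool such as apktool produces; the entry list is what a zip listing of the APK returns.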
