The company “Doctor Web” told about the new dangers facing users of mobile devices based on Android. Experts have discovered an Android Trojan that uses to disseminate vulnerability in one of responsible for the GPS component of the operating system Android.
Trojan Android.GPStrack.1.origin is masked in the application directory under program that uses GPS, such as navigation, map services, application delivery services, and food. This allows you to prompt the user access to the data of the GPS tracker without arousing suspicion.
After you install Android.GPStrack.1.origin refers to the standard component of the android operating system.location.Method, intended to interact with the GPS subsystem on the device. This component uses method getLastKnownLocation. If the GPS tracker application returns specific geographical coordinates, this function allows you to perform in the device memory arbitrary code passed to it as parameter as HEX-string. As a result you can run on an infected gadget any code. The vulnerability is relevant to all Android versions starting with 4.1.
Android.GPStrack.1.origin sends to the control server information about the infected device, including its model, operating system version, IMEI-ID, then threats downloads and installs other malicious applications.
At the moment more than two hundred values of geographical coordinates, is able to trigger the Trojan. In particular, such coordinates are 53°13’18” n 33°26’03” W. D. — if the user enables the GPS tracker in this geographical point, after acquire satellites the device will become infected.