Researchers from Trend Micro have recently discovered a new variant of Android malware, which they believe to be linked to the Axiom hacker group in China. The group has been accused of spying on dissidents, human rights groups, and for-profit entities – as well as infiltrating data from the US Government. Dubbed ‘IAndroid’, the malware reportedly has advanced backdoor functionality and is designed to bypass security measures like anti-virus software.
According to Trend Micro, IAndroid is installed as a silent background app and communicates with remote servers via encrypted SSL channels to send sensitive data, download additional plug-ins, and upgrade its binaries. The malware is designed to remove any indication of its presence on the infected device by deleting icons and package names at installation. However, researchers were able to identify the malware through its package name and digital signature.
So far over 20,000 victims have been detected in various locations, the majority of which are located in Malaysia, although smaller numbers have fallen prey to it in India, Vietnam and Indonesia. Trend Micro researchers believe that the malware is related to the Axiom AIRCRAFT threat actor activity which has been extensively reported by Crowdstrike and other security firms over the past year. Together with the fact that the majority of infections have been located in Malaysia, intelligence analysis suggests that the attacker group is likely to be based in the region.
