{"id":17245,"date":"2018-04-05T08:00:43","date_gmt":"2018-04-05T12:00:43","guid":{"rendered":"https:\/\/www.psafe.com\/en\/blog\/?p=17245"},"modified":"2022-04-28T08:52:06","modified_gmt":"2022-04-28T12:52:06","slug":"hidden-cobra-malware-infects-android-phones","status":"publish","type":"post","link":"https:\/\/www.psafe.com\/en\/blog\/hidden-cobra-malware-infects-android-phones\/","title":{"rendered":"Hidden Cobra Malware Infects Android Phones"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">The U.S. Department of Homeland Security and Federal Bureau of Investigation (FBI) are <\/span><a href=\"https:\/\/www.us-cert.gov\/ncas\/current-activity\/2018\/02\/13\/North-Korean-Malicious-Cyber-Activity\"><span style=\"font-weight: 400;\">warning Android phone owners<\/span><\/a><span style=\"font-weight: 400;\"> of two new pieces of Hidden Cobra malware that are believed to be engineered by the North Korean government. Avoid being infected with these malicious files by using DFNDR Security\u2019s Full Virus Scan protection. <\/span><\/p>\n<p><center><a href=\"https:\/\/play.google.com\/store\/apps\/details?id=com.psafe.msuite&amp;hl=en\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-9829 size-full\" src=\"https:\/\/www.psafe.com\/en\/blog\/wp-content\/uploads\/2017\/04\/run-security-scan-1.jpg\" alt=\"\" width=\"353\" height=\"79\" srcset=\"https:\/\/www.psafe.com\/en\/blog\/wp-content\/uploads\/2017\/04\/run-security-scan-1.jpg 353w, https:\/\/www.psafe.com\/en\/blog\/wp-content\/uploads\/2017\/04\/run-security-scan-1-300x67.jpg 300w\" sizes=\"auto, (max-width: 353px) 100vw, 353px\" \/><\/a><\/center><span style=\"font-weight: 400;\"><br \/>\nThis feature monitors your device for threats, including scanning its memory and SD card for malware or viruses. 
Try it out and read further to learn more\u00a0<\/span><span style=\"font-weight: 400;\">about the Hidden Cobra group &#8212; also known as Lazarus Group &#8212; and this strain of malware.<\/span><\/p>\n<p><b>Read More:\u00a0<\/b><a href=\"https:\/\/www.psafe.com\/en\/blog\/dangerous-new-android-malware-discovered\/\">Dangerous New Android Malware Discovered<\/a><\/p>\n<p><b>What This Malware Does to Androids<br \/>\n<\/b><span style=\"font-weight: 400;\">The two pieces of malware are known as <\/span><a href=\"https:\/\/www.scmagazine.com\/hidden-cobra-malware-infects-android-devices-with-rat-turns-windows-machines-into-proxies\/article\/744472\/?utm_source=newsletter&amp;utm_medium=email&amp;utm_campaign=SCUS_Newswire_20180216&amp;DCMP=EMC-SCUS_Newswire_20180216&amp;email_hash=90C3174ED2957E3CD1820F9B16D439C4&amp;spMailingID=19034891&amp;spUserID=MzkxNTU2OTgyODU5S0&amp;spJobID=1201080794&amp;spReportId=MTIwMTA4MDc5NAS2\"><span style=\"font-weight: 400;\">HARDRAIN and BADCALL<\/span><\/a><span style=\"font-weight: 400;\">, and they are capable of installing a remote access tool (RAT) payload on Android devices. The technology can make the affected Windows systems work as a proxy server that can gather information from your device.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Hidden Cobra viruses can record your phone calls, take over your camera, take screenshots of your device, read data from the contact manager, and download and upload data from your device. They can also execute commands and check for open Wi-Fi channels. Hackers can later use this information to blackmail you, as it gives them the ability to make your personal information public.<\/span><\/p>\n<p><b>HARDRAIN: Part One<br \/>\n<\/b><span style=\"font-weight: 400;\">The two federal departments wrote that HARDRAIN consists of three executable files that install malware on your Android device. 
Two of these are dynamic-link library (DLL) executables that alter your Windows Firewall to allow incoming malicious connections from cybercriminals to breach your device. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">In essence, these files open the door for malicious files, masked as secure HTTPS sessions that appear legitimate, to enter your device. The third file in HARDRAIN is an Executable and Linkable Format (ELF) file that connects to hard-coded IP addresses and serves as a RAT program, paving the way for a further invasion of your privacy and exposing your personal data.<\/span><\/p>\n<p><b>BADCALL: Part Two<br \/>\n<\/b><span style=\"font-weight: 400;\">The other piece of malware is BADCALL, which also uses three files to tap into your phone. Two of these are also Windows executables that disarm your firewall by altering a registry key. After doing so, BADCALL also turns the infected systems into proxy servers. These files allow illicit communication channels to reach your device in the form of encrypted HTTPS traffic.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Rounding out the three files that make up BADCALL is an Android Package Kit (APK) that also acts as a RAT program that can access your personal information, record sensitive conversations, and capture text messages and screenshots through your device\u2019s camera.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Watch out for these new trojan packages, which include malicious executable files that can take over your device in scary 
ways.<\/p>\n","protected":false},"author":83,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","footnotes":""},"categories":[5],"tags":[259,182,349,358,249,161],"class_list":["post-17245","post","type-post","status-publish","format-standard","hentry","category-security","tag-hackers","tag-malware","tag-phone","tag-protection","tag-security","tag-virus"],"_links":{"self":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts\/17245","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/users\/83"}],"replies":[{"embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/comments?post=17245"}],"version-history":[{"count":1,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts\/17245\/revisions"}],"predecessor-version":[{"id":21213,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts\/17245\/revisions\/21213"}],"wp:attachment":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/media?parent=17245"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/categories?post=17245"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/tags?post=17245"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}