Tuesday, March 31, 2015

Trojan using Baidu Cloud Push service found on Google Play Store

It looks like the Remote Administration Trojan (RAT) named Cajino, which uses Baidu Cloud Push as a new way to communicate with its command-and-control server, was not only on alternative Android markets. The Trojan was also found on the official Google Play Store, with more than 50,000 downloads, and had been available there for more than a month.

Cajino was available on the official Google Play Store

"Some samples, under a certain developer, were signed during November 2014, and were available in Google Play since December. The apps were available in the main market until late January, when Google removed them. It seems that some others were available from September until late January."  - Eleven Paths

How does it look today?

A few days after I published the post on my blog, the detection rate for this RAT wasn't what I suspected: only 4 antivirus vendors detected it.

These days detection of this threat is getting better.

Cajino is still available for download from alternative Android markets.

The application is still available for download from the attacker's web page hxxp://guangzhouhan1.dothome.co.kr/music.apk.

Credit for discovering the Cajino Trojan on the Google Play Store belongs to the security researchers at Eleven Paths.
