Tuesday, March 31, 2015

Trojan using Baidu Cloud Push service found on Google Play Store



It looks like the Remote Administration Trojan (RAT) named Cajino, which uses Baidu Cloud Push as a new way to communicate with its command-and-control server, wasn't found only on alternative Android markets. The Trojan was also on the official Google Play Store, with more than 50,000 downloads over more than a month.


Figure: Cajino available on the official Google Play Store


"Some samples, under a certain developer, were signed during November 2014, and were available in Google Play since December. The apps were available in the main market until late January, when Google removed them. It seems that some others were available from September until late January."  - Eleven Paths



How does it look today?


A few days after I published a post about it on my blog, the detection rate for this RAT wasn't what I suspected: only 4 antivirus vendors detected it.



These days detection of this threat is getting better.
Cajino is still available for download from alternative Android markets.

The application is also still available for download from the attacker's web page hxxp://guangzhouhan1.dothome.co.kr/music.apk.

Credit for discovering the Cajino Trojan on the Google Play Store belongs to the security researchers at Eleven Paths.


New MD5 hashes:

14885b84914651da4990586b36022900
eedc44e72023e75c024ff22e6423a4d6
5ba62baeda7264c83fe57e1b2b1f2533
3853b2b74c0f68bfb4ca5b080df9addd

