Trojans Infect System Processes

Tuesday, September 27, 2016 @ 02:09 PM gHale

Android Trojans continue their growth curve with the capability to infect the processes of applications and then downloading their own plug-ins, researchers said

The Xiny malware family can infiltrate the processes of system applications and then download malicious plug-ins into the infected programs, said researchers at Dr.Web.

Linux DDoS Trojan Found
New Linux Trojan
Macro-based Malware Evolution
Macs Targeted with Backdoor

The threats can end up downloaded and then delete various programs from the compromised systems. That functionality requires root privileges. Once they achieve the required privileges, the Trojans can silently download and install software onto devices, while also displaying advertisements.

The Android.Xiny Trojans ended up discovered in March 2015 and are going out through popular websites, and even official application stores.

These programs have an innovative APK file that can ensure the Trojan cannot end up deleted, Dr.Web researchers said in a blog post.

The updated Android.Xiny Trojans include the ability to inject themselves into system applications, which allows them to launch various malicious plug-ins. One of the threats that includes this functionality is Android.Xiny.60, which extracts several malicious components (/xbin/igpi; /lib/; /lib/; and /framework/igpi.jar) from its resource folder and copies them to system directories soon after installation.

The malware uses the igpi module (detected as Android.Xiny.61) to inject the library (Android.Xiny.62) into the system application processes of Google Play ( and Google Play Services (, Moreover, the malicious module can inject into Android’s Zygote process, researchers said.

After infecting the Zygote process, Xiny.62 can track the launch of any new applications and can inject the igpi.jar malicious module (Android.Xiny.60) into them. The module is also injected in the system processes of Google Play and Google Play Services applications after they have been infected.

Leave a Reply

You must be logged in to post a comment.