{"id":61275,"date":"2019-07-20T18:19:42","date_gmt":"2019-07-20T10:19:42","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=61275"},"modified":"2019-07-24T15:10:37","modified_gmt":"2019-07-24T07:10:37","slug":"agent-smith-%e6%9a%97%e4%b8%ad%e5%b0%87%e5%b7%b2%e5%ae%89%e8%a3%9d%e7%9a%84-android-%e6%87%89%e7%94%a8%e7%a8%8b%e5%bc%8f%e8%aa%bf%e5%8c%85-%e4%b8%a6%e9%a1%af%e7%a4%ba%e8%a9%90%e9%a8%99%e5%bb%a3","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=61275","title":{"rendered":"Agent Smith \u6697\u4e2d\u5c07\u5df2\u5b89\u88dd\u7684 Android \u61c9\u7528\u7a0b\u5f0f\u8abf\u5305, \u4e26\u986f\u793a\u8a50\u9a19\u5ee3\u544a"},"content":{"rendered":"\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"479\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2019\/07\/android-agent-smith-malware-adware.jpg\" alt=\"gent Smith (\u8da8\u52e2\u79d1\u6280\u547d\u540d\u70ba AndroidOS_InfectionAds.HRXA)\uff0c\u5b83\u5c08\u9580\u5229\u7528\u4f5c\u696d\u7cfb\u7d71\u7684\u6f0f\u6d1e\u4f86\u611f\u67d3 Android \u88dd\u7f6e\uff0c\u6697\u4e2d\u5c07\u5df2\u5b89\u88dd\u7684\u61c9\u7528\u7a0b\u5f0f\u66ff\u63db\u6210\u60e1\u610f\u7248\u672c\u3002\u6839\u64da\u7814\u7a76\u4eba\u54e1\u6307\u51fa\uff0c\u6b64\u60e1\u610f\u7a0b\u5f0f\u6703\u5728\u53d7\u5bb3\u624b\u6a5f\u4e0a\u986f\u793a\u8a50\u9a19\u5ee3\u544a\uff0c\u4f46\u5b83\u5176\u5be6\u9084\u53ef\u80fd\u767c\u52d5\u5176\u4ed6\u66f4\u5371\u96aa\u7684\u653b\u64ca\uff0c\u5982\uff1a\u7aca\u53d6\u9280\u884c\u8cc7\u8a0a\u6216\u76e3\u63a7\u4f7f\u7528\u8005\u3002\u76ee\u524d\u611f\u67d3\u88dd\u7f6e\u6578\u91cf\u6700\u591a\u7684\u5730\u5340\u5305\u62ec\uff1a\u5370\u5ea6\u3001\u6c99\u70cf\u5730\u963f\u62c9\u4f2f\u3001\u5df4\u57fa\u65af\u5766\u3001\u5b5f\u52a0\u62c9\u3001\u7f8e\u570b\u53ca\u6fb3\u6d32\u3002\" class=\"wp-image-61276\" srcset=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2019\/07\/android-agent-smith-malware-adware.jpg 700w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2019\/07\/android-agent-smith-malware-adware-300x205.jpg 300w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2019\/07\/android-agent-smith-malware-adware-30x21.jpg 30w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><\/figure>\n\n\n\n<p>\u6700\u8fd1\u51fa\u73fe\u4e86\u4e00\u7a2e\u65b0\u578b\u7684\u884c\u52d5\u60e1\u610f\u7a0b\u5f0f\u540d\u53eb Agent Smith (\u8da8\u52e2\u79d1\u6280\u547d\u540d\u70ba <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/AndroidOS_InfectionAds.HRXA\">AndroidOS_InfectionAds.HRXA<\/a>)\uff0c\u5b83\u5c08\u9580\u5229\u7528\u4f5c\u696d\u7cfb\u7d71\u7684\u6f0f\u6d1e\u4f86\u611f\u67d3 Android \u88dd\u7f6e\uff0c\u6697\u4e2d\u5c07\u5df2\u5b89\u88dd\u7684\u61c9\u7528\u7a0b\u5f0f\u66ff\u63db\u6210\u60e1\u610f\u7248\u672c\u3002\u6839\u64da\u7814\u7a76\u4eba\u54e1\u6307\u51fa\uff0c\u6b64\u60e1\u610f\u7a0b\u5f0f\u6703\u5728\u53d7\u5bb3\u624b\u6a5f\u4e0a\u986f\u793a\u8a50\u9a19\u5ee3\u544a\uff0c\u4f46\u5b83\u5176\u5be6\u9084\u53ef\u80fd\u767c\u52d5\u5176\u4ed6\u66f4\u5371\u96aa\u7684\u653b\u64ca\uff0c\u5982\uff1a\u7aca\u53d6\u9280\u884c\u8cc7\u8a0a\u6216\u76e3\u63a7\u4f7f\u7528\u8005\u3002<\/p>\n\n\n\n<p>\u7814\u7a76\u4eba\u54e1\u5728 2019 \u5e74 4 \u6708\u4e4b\u524d\u5c31\u767c\u73fe <a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/janus-android-app-signature-bypass-allows-attackers-modify-legitimate-apps\/\">Janus<\/a> \u6f0f\u6d1e (<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-13156\">CVE-2017-13156<\/a>) \u906d\u5230\u653b\u64ca\u7684\u60c5\u6cc1\u8d8a\u4f86\u8d8a\u56b4\u91cd\u3002\u6b64\u5916\uff0c\u9084\u767c\u73fe Google Play\n\u5546\u5e97\u4e0a\u7684\u4e00\u4e9b\u71b1\u9580\u5de5\u5177\u8edf\u9ad4\u3001\u904a\u6232\u3001\u7f8e\u808c\u8edf\u9ad4\u4ee5\u53ca\u6210\u4eba\u5167\u5bb9\u61c9\u7528\u7a0b\u5f0f\u6703\u6697\u4e2d\u690d\u5165 Agent Smith \u60e1\u610f\u7a0b\u5f0f\uff0c\u96a8\u5f8c\u8a72\u7a0b\u5f0f\u9084\u6703\u4e0d\u65b7\u57f7\u884c\u5047\u5192 Google \u5b98\u65b9\u4fee\u88dc\u7a0b\u5f0f\u7684\u66f4\u65b0\u3002\u6b64\u60e1\u610f\u7a0b\u5f0f\u7684\nAPK \u6a94\u6848\u6703\u64f7\u53d6\u5df2\u5b89\u88dd\u61c9\u7528\u7a0b\u5f0f\u6e05\u55ae\uff0c\u518d\u5c0d\u7167<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/definition\/command-and-control-server\">\u5e55\u5f8c\u64cd\u7e31 (C&amp;C) \u4f3a\u670d\u5668<\/a>\u50b3\u4f86\u7684\u653b\u64ca\u76ee\u6a19\u6e05\u55ae\uff0c\u7136\u5f8c\u5047\u85c9\u5b89\u88dd\u66f4\u65b0\u7684\u540d\u7fa9\uff0c\u5c07\u61c9\u7528\u7a0b\u5f0f\u7684\u57fa\u790e\nAPK \u62bd\u63db\u6210\u60e1\u610f\u5ee3\u544a\u6a21\u7d44\u8207 APK\u3002<\/p>\n\n\n\n<!--more-->\n\n\n\n<p>[<strong>\u76f8\u95dc\u65b0\u805e<\/strong>\uff1a<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/mobile-safety\/android-security-click-fraud-apps-drove-100-malware-increase-in-google-play-for-2018\">Android Security: Click fraud apps drove 100% malware\nincrease in Google Play for 2018<\/a>]<\/p>\n\n\n\n<p>\u6b64\u60e1\u610f\u7a0b\u5f0f\u8207\u4ee5\u5f80\u7684\u60e1\u610f\u7a0b\u5f0f\u653b\u64ca\u4e0d\u540c\u4e4b\u8655\u5728\u65bc\u7d50\u5408\u4e86\u66f4\u591a\u6f0f\u6d1e\uff0c\u800c\u4e14\u70ba\u4e86\u56e0\u61c9 Android \u6700\u65b0\u7684\u5b89\u5168\u63aa\u65bd\uff0c\u611f\u67d3\u7684\u6b65\u9a5f\u4e5f\u7b56\u5283\u5f97\u66f4\u52a0\u7e1d\u5bc6\u3002<a href=\"https:\/\/research.checkpoint.com\/agent-smith-a-new-species-of-mobile-malware\/\">\u7814\u7a76\u4eba\u54e1\u6307\u51fa<\/a>\uff0c\u5176\u611f\u67d3\u6b65\u9a5f\u5305\u542b\u4e09\u500b\u968e\u6bb5\uff0c\u5206\u5225\u5229\u7528\u4e86 Janus\u3001Bundle \u8207\nMan-in-the-Disk \u6f0f\u6d1e\uff0c\u4e26\u4ee5\u5efa\u7acb\u88dd\u7f6e\u6bad\u5c4d\u7db2\u8def\u70ba\u76ee\u6a19\uff0c\u662f\u300c\u7b2c\u4e00\u500b\u5c07\u9019\u6240\u6709\u6f0f\u6d1e\u6574\u5408\u6210\u653b\u64ca\u6027\u6b66\u5668\u7684\u884c\u52d5\u300d\u3002\u5728\u9019\u6a23\u7684\u57fa\u790e\u4e0b\uff0c\u99ed\u5ba2\u6216\u8a31\u6b63\u5728\u898f\u5283\u4e00\u5834\u66f4\u5927\u898f\u6a21\u7684\u653b\u64ca\u884c\u52d5\uff0c\u8a66\u5716\u63d0\u9ad8\u5c0d\nPlay \u5546\u5e97\u7684\u6ef2\u900f\u7387\u3002\u7814\u7a76\u4eba\u54e1\u5df2\u901a\u77e5\u4e86 Google\uff0c\u800c Google \u4e5f\u78ba\u5be6\u79fb\u9664\u4e86\u76f8\u95dc\u7684\u60e1\u610f\u61c9\u7528\u7a0b\u5f0f\u3002<\/p>\n\n\n\n<p>[<strong>\u5ef6\u4f38\u95b1\u8b80\uff1a<\/strong> <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/mobile-safety\/android-malware-campaigns-simbad-adware-and-operation-sheep-reportedly-installed-250-million-times\">Android malware campaigns SimBad adware and Operation\nSheep reportedly installed 250 million times<\/a>]<\/p>\n\n\n\n<p>\u8da8\u52e2\u79d1\u6280\u5728 2019 \u5e74\u7b2c\u4e00\u5b63\u5373\u5df2\u767c\u73fe\u9019\u4e9b\u60e1\u610f\u7a0b\u5f0f\u4e26\u5206\u5225\u547d\u540d\u70ba AndroidOS_HiddenAds.HRXA\n\u548c AndroidOS_Janus.ISO\u3002\u7576\u6642\uff0c\u9019\u4e9b\u96f6\u661f\u5075\u6e2c\u5230\u7684\u60e1\u610f\u7a0b\u5f0f\u770b\u4f86\u5f7c\u6b64\u4e26\u4e0d\u76f8\u5e72\uff0c\u76f4\u5230\u5168\u7403\u611f\u67d3\u6848\u4f8b\u958b\u59cb\u4e0d\u65b7\u589e\u52a0\u3001\u6c99\u76d2\u6a21\u64ec\u5206\u6790\u4e5f\u958b\u59cb\u767c\u73fe\u88ab\u5224\u5b9a\u70ba\nAndroidOS_Janus.ISO \u7684 Android Dalvik Executable (DEX) \u6a94\u6848\u3002\u6839\u64da\u9032\u4e00\u6b65\u7684\u5206\u6790\u767c\u73fe\uff0c\u4e00\u4e9b\u71b1\u9580\u7684\u7b2c\u4e09\u65b9\nAndroid \u61c9\u7528\u7a0b\u5f0f\u5546\u5e97 (\u5982 9Apps) \u5171\u6709\u5c07\u8fd1 900 \u500b\u61c9\u7528\u7a0b\u5f0f\u5167\u542b\u6b64\u60e1\u610f\u6a21\u7d44\uff0c\u5176\u4e2d\u4e00\u5c0f\u90e8\u5206\u60e1\u610f\u7a0b\u5f0f\u7684\u4e0b\u8f09\u6b21\u6578\u52a0\u8d77\u4f86\u751a\u81f3\u8d85\u904e\u4e86 11,000 \u6b21\u3002\u9019\u4e9b\u529f\u80fd\u76f8\u7576\u6709\u9650\u7684\u61c9\u7528\u7a0b\u5f0f\uff0c\u5927\u591a\u542b\u6709\u81ea\u884c\u7c3d\u7f72\u7684\u7c3d\u7ae0\u3002<br>\n<br>\n<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/android-agent-smith-malware-copy.jpg\" alt=\"\"\/><\/figure>\n\n\n\n<p><em>\u5716 1\uff1a\u611f\u67d3 Agent\nSmith \u7684\u61c9\u7528\u7a0b\u5f0f\uff0c\u5176\u6191\u8b49\u7684\u7c3d\u7f72\u8005\u8207\u64c1\u6709\u8005\u57fa\u672c\u4e0a\u5b8c\u5168\u76f8\u540c\u3002<\/em><\/p>\n\n\n\n<p>\u6240\u6709\u9019\u4e9b\u60e1\u610f\u7248\u672c\u7684\u61c9\u7528\u7a0b\u5f0f\u90fd\u6703\u5360\u7528\u591a\u9918\u7684\u4f5c\u696d\u7cfb\u7d71\u7a7a\u9593\uff0c\u4e26\u5e36\u6709 <em>android.support.multidex.MultiDexApplication\n<\/em>\u8a2d\u5b9a\u53ef\u8b93\u99ed\u5ba2\u5229\u7528\u81ea\u52d5\u5316\u5de5\u5177\u4f86\u5c07\u5176\u7a0b\u5f0f\u78bc\u91cd\u65b0\u5305\u88dd\u6210\u60e1\u610f\u7248\u672c\u3002\u8da8\u52e2\u79d1\u6280\u5df2\u5c07\u6b64\u554f\u984c\u901a\u5831\u7d66 Google\uff0c\u81f3\u672c\u6587\u767c\u8868\u6642\uff0cGoogle \u5df2\u7d93\u5c07\u5269\u9918\u7684\u61c9\u7528\u7a0b\u5f0f\u4e0b\u67b6\u3002<\/p>\n\n\n\n<p>\u5efa\u8b70\u4f7f\u7528\u8005\u6700\u597d\u7acb\u5373\u6aa2\u67e5\u4e00\u4e0b\u81ea\u5df1\u7684\u88dd\u7f6e\uff0c\u4e26\u4e14\u5c07\u4efb\u4f55\u53ef\u7591\u6216\u6700\u8fd1\u624d\u5b89\u88dd (\u6709\u611f\u67d3\u7591\u616e) \u7684\u61c9\u7528\u7a0b\u5f0f\u79fb\u9664\u3002\u6b64\u5916\uff0c\u61c9\u7528\u7a0b\u5f0f\u958b\u767c\u4eba\u54e1\u3001\u7cfb\u7d71\u958b\u767c\u5546\u4ee5\u53ca\u884c\u52d5\u89e3\u6c7a\u65b9\u6848\u4f9b\u61c9\u5546\uff0c\u4e5f\u61c9\u5bc6\u5207\u76e3\u63a7\u81ea\u5bb6\u7684\u7522\u54c1\uff0c\u96a8\u6642\u4fee\u88dc\u4e26\u91cb\u51fa\u66f4\u65b0\u4f86\u78ba\u4fdd\u6f0f\u6d1e\u7686\u5df2\u4fee\u88dc\u3002\u800c\u4f7f\u7528\u8005\u548c\u4f01\u696d\u4e5f\u53ef\u8003\u616e\u63a1\u7528\u4e00\u5957<a href=\"https:\/\/t.rend.tw\/?i=NzgxNQ\">\u8da8\u52e2\u79d1\u6280\u884c\u52d5\u5b89\u5168\u9632\u8b77<\/a>\u4f86\u9632\u6b62\u81ea\u5df1\u7684\u88dd\u7f6e\u5b89\u88dd\u5230\u5ee3\u544a\u7a0b\u5f0f\u6216\u5176\u4ed6\u53ef\u80fd\u6709\u5bb3\u7684\u61c9\u7528\u7a0b\u5f0f\u3002<\/p>\n\n\n\n<p>\u539f\u6587\u51fa\u8655\uff1a<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/agent-smith-malware-infecting-android-apps-devices-for-adware\">Agent Smith Malware Infecting Android Apps, Devices for Adware<\/a><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/zh_tw\/for-home\/products\/ms\/ms_2280x650.jpg\" alt=\"\"\/><\/figure>\n\n\n\n<p><a href=\"https:\/\/t.rend.tw\/?i=NzgxNQ\">\u8da8\u52e2\u79d1\u6280\u884c\u52d5\u5b89\u5168\u9632\u8b77<\/a>\u80fd\u5920\u5c01\u9396\u60e1\u610f\u61c9\u7528\u7a0b\u5f0f\uff0c\u4f7f\u7528\u8005\u9084\u53ef\u4ee5\u5229\u7528\u5b83\u7684\u591a\u5c64\u6b21\u5b89\u5168\u9632\u8b77\u529f\u80fd\u4f86\u4fdd\u8b77\u88dd\u7f6e\u5167\u7684\u8cc7\u6599\u548c\u96b1\u79c1\uff0c\u540c\u6642\u62b5\u79a6\u52d2\u7d22\u75c5\u6bd2\u3001\u8a50\u9a19\u7db2\u7ad9\u548c\u8eab\u4efd\u7aca\u76dc\u7b49\u653b\u64ca\u3002 &gt;&gt;&nbsp;<a href=\"https:\/\/t.rend.tw\/?i=NzgxNQ\">\u514d\u8cbb\u4e0b\u8f09\u8a66\u7528<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u6700\u8fd1\u51fa\u73fe\u4e86\u4e00\u7a2e\u65b0\u578b\u7684\u884c\u52d5\u60e1\u610f\u7a0b\u5f0f\u540d\u53eb Agent Smith (\u8da8\u52e2\u79d1\u6280\u547d\u540d\u70ba AndroidOS_Infec [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[15],"tags":[2274],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/61275"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=61275"}],"version-history":[{"count":0,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/61275\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=61275"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=61275"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=61275"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}