XUNLEI THUNDER ANDROID FOR ANDROID
The applications were only installed if the Android phone connected had a security setting disabled, which enables developer actions over USB on the phone – something often required for Android software modifications and operating system customisation, as well as by certain Android backup programs. “Overall, the motivation behind the installation of these particular mobile applications remains unknown,” said Calvet. Using the USB connection, the “installphoneapp” installed applications, including three separate Chinese app stores, and a phone call app that claimed to offer cheap phone calls.Ĭhinese Android programs installed by the malicious applications.
![xunlei thunder android xunlei thunder android](https://i.ytimg.com/vi/-KVxM8mMYqo/maxresdefault.jpg)
The malware also included an updater that automatically checked a server for new versions of the programs, installing updates when they became available.Īnother application installed alongside the Office plugin silently installed applications onto Android phones that were connected to the infected computer. Silently installing applications onto Android phones
XUNLEI THUNDER ANDROID WINDOWS
If the program failed to detect any running computer analysis tools, it began sending user information such as the version of Windows being used to a remote server. When run, the Office plugin scanned the computer for analysis tools such as the Windows task manager, and quickly shut down if one was found running on the system, effectively evading detection by the computer user or a security analyst. One of the programs, a plugin for the Microsoft Office applications Word, Excel and PowerPoint, then installed itself within the Windows Registry, ensuring that it was loaded every time an Office application is run. It is unclear how the malware, which was specifically programmed to avoid detection by security software and analysts, was initially spread.Ī “dropper” program named “INPEnhSetup.exe” posed as a Windows installer, which once activated contacted a server across the internet – a domain owned and operated by Xunlei - and “dropped” or installed three further malicious programs onto the system. Parts of the complete file can be hosted on many different computers, and the whole reconstructed by pulling the parts from different machines. The BitTorrent protocol breaks each file to be shared into small chunks and sends them across the internet between computers. The Xunlei software is very popular in China and has about 30% of world BitTorrent users, making it the most used BitTorrent client for the service, which allows peer-to-peer file sharing.
![xunlei thunder android xunlei thunder android](https://i0.wp.com/softwareformac.net/wp-content/uploads/2021/01/Xunlei-Thunder-2.6.6-Mac-Crack.png)
![xunlei thunder android xunlei thunder android](https://www.jayceooi.com/wp-content/uploads/2008/12/xunlei_thunder_5.jpg)
The degree to which Xunlei Networking Technologies is implicated is hard to tell from the outside,” said Joan Calvet from Eset in a blog post. “The company officially admitted during a press conference that some of its employees have used company resources to create and distribute this program. The malware is classed as a Trojan, and only affected Chinese users, according to Eset. A Google-backed file sharing service has been discovered spreading malware to thousands of Windows and Android users.Īn investigation by security company Eset has revealed that Xunlei has been spreading malware named “Win32/Kankan” to Windows and Android users, signed with the company’s security certificate.