How I dealt with the Ztorg Android Malware

On Sunday 10th July 2016 at 03:00 GMT, Kaspersky Internet Security for Android detected two pieces of malware on my device within a pirated version of Minecraft Pocket Edition. (Yes, I pirate games if I have to.)

Ten minutes later, the scan finished and KIS stated that it had found one malicious app running in memory and one malicious APK file in the downloads directory. KIS identified the two threats as Trojan.AndroidOS.Ztorg, which I googled and discovered was a Remote Access Trojan connected to the Triada malware family. The online article written by Kaspersky Lab said that the only way to remove the Trojan was to either “root” the device or jailbreak the device and remove it manually. I wasn’t willing to jailbreak my device, so I decided to wipe all data off the device and wipe everything in memory.

Later that day, I connected my Android device to my computer (making sure the malware wouldn’t spread, of course) and started transferring important files over to my PC before I wiped everything from the device. At the time, I was also watching a livestream at twitch.tv/the8bitmonkey.

After I had transferred all important files, I held the power button and the volume up button for about 30 seconds. This rebooted the device into the Android boot menu, similar to the F8 screen on Windows PCs. I then selected Factory Reset, which only took about 10 seconds, so I did it again to make sure everything had been deleted. I also cleared everything from the system cache and memory so that the Trojan did not re-infect the device once I restarted it.

How did I actually get infected with the Ztorg Malware?

I had downloaded a pirated copy of Minecraft Pocket Edition a few months earlier. I never knew that it was infected, and KIS didn’t find any threat when I installed it, so I assumed that it was safe. Never download any pirated / cracked / modified version of a game, because you risk installing malware along with it.

Also, there’s no point reporting this to Mojang, because Mojang have stated that as long as you don’t distribute or share pirated copies of their games, they don’t care whether you use a pirated copy or not.

Extra

Triada Malware Article by Kaspersky

Triada Man-In-The-Middle Attacks
