Android.BackDoor.44 is an executable UNIX file designed to run on Android mobile devices. It is incorporated into Android.Backdoor.260.origin as an additional module.
It can execute the following commands:
- DOW—download a file form the server
- UPL—upload a file to the server
- PLI, PDL, SDA—update malicious modules and settings
- DIR—get the list of files residing in the specified folder
- DTK—write the contents of the specified folder into a file
- OSC, STK—run a search for the specified file of folder
- OSF—abort the search of the specified file
- DEL—delete the specified file
- SCP—take a screenshot
- BGS—activate the microphone and start recording
- GPRS—start tracking GPS coordinates
While some commands are executed by Android.BackDoor.44 on its own, other commands are carried out with the help of other malicious libraries incorporated into Android.Backdoor.260.origin. The libraries communicate with each other through UNIX sockets.