{"id":14986,"date":"2012-03-14T14:37:51","date_gmt":"2012-03-14T21:37:51","guid":{"rendered":"http:\/\/blogs.mcafee.com\/?p=14986"},"modified":"2025-05-27T21:40:51","modified_gmt":"2025-05-28T04:40:51","slug":"android-malware-pairs-man-in-the-middle-with-remote-controlled-banking-trojan","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/android-malware-pairs-man-in-the-middle-with-remote-controlled-banking-trojan\/","title":{"rendered":"Android Malware Pairs Man-in-the-Middle With Remote-Controlled Banking Trojan"},"content":{"rendered":"<p>Based on the Android malware that we\u2019ve seen so far, one of the principal motivations to develop and spread malware on Android is to gain financial profit. We often see deceptive applications that send SMS messages to premium-rate numbers without the user\u2019s consent or that run man-in-the-middle attacks to forward SMS messages containing a user&#8217;s mTANs (Mobile Transaction Numbers) to an attacker. In the latter case, the attacker uses the information to defeat the two-factor authentication security scheme used by several banks and financial entities around the world. Examples of this last type of threat are the well-known Trojan bankers <a title=\"ZeuS\" href=\"https:\/\/securingtomorrow.mcafee.com\/mcafee-labs\/dissecting-zeus-for-android-or-is-it-just-an-sms-spyware\" target=\"_blank\" rel=\"noopener\">Zeus<\/a> and <a title=\"Spyeye\" href=\"https:\/\/securingtomorrow.mcafee.com\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\" target=\"_blank\" rel=\"noopener\">SpyEye<\/a>, which include in the latest versions of their PC malware a new module that targets Android. In general, those malicious applications are not complex compared with more sophisticated threats. 
However, the situation may have changed with the recent discovery of new Android malware that has the man-in-the-middle functionality but, unlike Zeus and SpyEye, can also be controlled remotely and can grab the initial password from a mobile device without infecting the user\u2019s PC.<\/p>\n<p>The malicious application targets specific well-known financial entities by posing as a Token Generator application. In fact, when the application is installed, the malware uses the logo and colors of the bank in the icon of the application, making it appear more credible to the user:<\/p>\n<p align=\"center\"><a href=\"https:\/\/securingtomorrow.mcafee.com\/?attachment_id=14989\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-14989\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2012\/03\/TokenGenerator.png\" alt=\"\" width=\"321\" height=\"84\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2012\/03\/TokenGenerator.png 321w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2012\/03\/TokenGenerator-300x78.png 300w\" sizes=\"auto, (max-width: 321px) 100vw, 321px\" \/><\/a><\/p>\n<p>When the application executes, it shows a WebView component that displays an HTML\/JavaScript web page that pretends to be a Token Generator. 
The web page also appears to be from the targeted bank (the same variant of the malware, but with a different payload):<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/?attachment_id=14990\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-14990\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2012\/03\/all_banks.png\" alt=\"\" width=\"1454\" height=\"718\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2012\/03\/all_banks.png 1454w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2012\/03\/all_banks-300x148.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2012\/03\/all_banks-1024x505.png 1024w\" sizes=\"auto, (max-width: 1454px) 100vw, 1454px\" \/><\/a><\/p>\n<p style=\"text-align: left;\"><span style=\"text-align: left;\">To get the fake token, the user must enter the first factor of authentication (used to obtain initial access to the banking account). If this action is not performed, the application shows an error. When the user clicks \u201cGenerar\u201d (Generate), the malware shows the fake token (which is in fact a random number) and sends the password to a specific cell phone number along with the device identifiers (IMEI and IMSI). The same information is also sent to one of the control servers along with further data such as the phone number of the device. The malware reads the <\/span>list of control servers from an XML file inside the original APK. 
This information, along with other parameters of the malware, is loaded and stored in another XML file on the device:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/?attachment_id=14991\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-14991\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2012\/03\/setting_modified.png\" alt=\"\" width=\"529\" height=\"344\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2012\/03\/setting_modified.png 529w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2012\/03\/setting_modified-300x195.png 300w\" sizes=\"auto, (max-width: 529px) 100vw, 529px\" \/><\/a><\/p>\n<p style=\"text-align: left;\" align=\"center\">The first two lists are used to run the man-in-the-middle attack because they filter the incoming SMS messages to get only the ones that have mTANs. If the originating address and message body are found in the \u201ccatch\u201d list, the content is sent to the default control server. The SMS can also be forwarded to the number specified in the XML if it is configured in the \u201ccatch\u201d list with the attribute \u201ctoSms.\u201d<\/p>\n<p>As soon as the initial registration is done, the malicious application creates a scheduled system event to schedule its own execution at some point in the future. The time when this event occurs depends on the values \u201ctimeConnection\u201d and \u201cperiod,\u201d which are defined in a configuration file. When this happens, a background service starts that creates and executes a thread which listens for commands sent from control servers. These commands update most of the configuration settings&#8211;the server list, the catch\/delete list and phone number used to receive the stolen mTANs, and the initial password. 
However, there are other interesting commands that add self-update or spyware capability to the malware:<\/p>\n<ol>\n<li>sendContactList: Obtains the list of contacts stored in the device (name and number) and uses an open-source framework to serialize the list of contacts to send them to the control server.<\/li>\n<li>updateUrl: Contains the URL used to download an APK file to the download folder of the SD card. The APK could be an update of the same malware or another malicious application. Once the APK is downloaded, a custom user interface is loaded with the text and title sent by the control server, to trick the user into installing the new application.<\/li>\n<\/ol>\n<h2>The Android Malware Evolution You Need to Keep an Eye on<\/h2>\n<p>Android malware that targets financial entities is in constant evolution: from man-in-the-middle attacks we now see more sophisticated, remote-controlled banking Trojans that can get more than one factor of authentication and update themselves to, for example, modify a phishing attack to get other required credentials&#8211;such as the name or the ID number of the user&#8211;to perform electronic fraud. Due to the increasing popularity of Android and mobile-banking applications, we expect that more threats like this will appear. 
McAfee Mobile Security detects this threat as Android\/FakeToken.A.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Based on the Android malware that we\u2019ve seen so far, one of the principal motivations to develop and spread malware&#8230;<\/p>\n","protected":false},"author":462,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[37,76],"coauthors":[1104],"class_list":["post-14986","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-android","tag-cybercrime"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Android Malware Pairs Man-in-the-Middle With Remote-Controlled Banking Trojan | McAfee Blog<\/title>\n<meta name=\"description\" content=\"Based on the Android malware that we\u2019ve seen so far, one of the principal motivations to develop and spread malware on Android is to gain financial\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Android Malware Pairs Man-in-the-Middle With Remote-Controlled Banking Trojan | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"Based on the Android malware that we\u2019ve seen so far, one of the principal motivations to develop and spread malware on Android is to gain financial\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/android-malware-pairs-man-in-the-middle-with-remote-controlled-banking-trojan\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta 
property=\"article:published_time\" content=\"2012-03-14T21:37:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-28T04:40:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2012\/03\/TokenGenerator.png\" \/>\n\t<meta property=\"og:image:width\" content=\"321\" \/>\n\t<meta property=\"og:image:height\" content=\"84\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Carlos Castillo\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@carlosacastillo\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Carlos Castillo\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/android-malware-pairs-man-in-the-middle-with-remote-controlled-banking-trojan\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/android-malware-pairs-man-in-the-middle-with-remote-controlled-banking-trojan\/\"},\"author\":{\"name\":\"Carlos Castillo\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/894ee4a790607d505a13c24955d2edbe\"},\"headline\":\"Android Malware Pairs Man-in-the-Middle With Remote-Controlled Banking 
Trojan\",\"datePublished\":\"2012-03-14T21:37:51+00:00\",\"dateModified\":\"2025-05-28T04:40:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/android-malware-pairs-man-in-the-middle-with-remote-controlled-banking-trojan\/\"},\"wordCount\":783,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/android-malware-pairs-man-in-the-middle-with-remote-controlled-banking-trojan\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2012\/03\/TokenGenerator.png\",\"keywords\":[\"android\",\"cybercrime\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/android-malware-pairs-man-in-the-middle-with-remote-controlled-banking-trojan\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/android-malware-pairs-man-in-the-middle-with-remote-controlled-banking-trojan\/\",\"name\":\"Android Malware Pairs Man-in-the-Middle With Remote-Controlled Banking Trojan | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/android-malware-pairs-man-in-the-middle-with-remote-controlled-banking-trojan\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/android-malware-pairs-man-in-the-middle-with-remote-controlled-banking-trojan\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2012\/03\/TokenGenerator.png\",\"datePublished\":\"2012-03-14T21:37:51+00:00\",\"dateModified\":\"2025-05-28T04:40:51+00:00\",\"description\":\"Based on the Android malware that we\u2019ve seen so far, one of the principal motivations to develop and spread malware on Android is to gain 
financial\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/android-malware-pairs-man-in-the-middle-with-remote-controlled-banking-trojan\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/android-malware-pairs-man-in-the-middle-with-remote-controlled-banking-trojan\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/android-malware-pairs-man-in-the-middle-with-remote-controlled-banking-trojan\/#primaryimage\",\"url\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2012\/03\/TokenGenerator.png\",\"contentUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2012\/03\/TokenGenerator.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/android-malware-pairs-man-in-the-middle-with-remote-controlled-banking-trojan\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Android Malware Pairs Man-in-the-Middle With Remote-Controlled Banking Trojan\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security 
News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/894ee4a790607d505a13c24955d2edbe\",\"name\":\"Carlos Castillo\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/729f5b9d2761341175762c5f10652607\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Carlos-Castillo-96x96.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Carlos-Castillo-96x96.jpg\",\"caption\":\"Carlos Castillo\"},\"description\":\"Carlos Castillo specializes in the analysis of mobile threats and Android malware. Castillo performs static and dynamic analysis of suspicious applications to support McAfee\u2019s Mobile Security for Android product. 
He is the author of the McAfee-published white paper, \\\"Android Malware Past, Present, and Future,\u201d and wrote the \u201cHacking Android\\\" section of the book, \\\"Hacking Exposed 7: Network Security Secrets &amp; Solutions.\u201d As a recognized mobile malware researcher, Castillo has presented at several security industry events, including 8.8 Computer Security Conference and Segurinfo, a leading information security conference in South America. Prior to his position at McAfee, Castillo performed security compliance audits for the Superintendencia Financiera of Colombia, and worked at security startup Easy Solutions Inc., where he conducted penetration tests on web applications, helped shut down phishing and malicious websites, supported security and network appliances, performed functional software testing, and assisted in research and development related to anti-electronic fraud. Castillo joined the world of malware research when he won ESET Latin America\u2019s Best Antivirus Research contest with a paper titled, \u201cSexy View: The Beginning of Mobile Botnets.\u201d Castillo holds a degree in systems engineering from the Universidad Javeriana in Bogot\u00e1, Colombia.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/carlosacastillo\/\",\"https:\/\/x.com\/carlosacastillo\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/carlos-castillo\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->"}