BusyGasper spyware has over a hundred tools at its disposal to steal data




     BusyGasper is spyware loaded with a hundred tools, ranging from device sensor listeners and motion detectors to the ability to process a user's screen taps, all used to steal data. The mobile malware was detected by researchers at Kaspersky Lab in early 2018 and has been active since May 2016. So far, the infected devices seem to be in Russia. The author of the malware is unknown, but the FTP server used as the hacker's command and control (C2) is located on the free Russian web hosting service Ucoz. BusyGasper is unique in that it supports the IRC protocol, something rare in Android malware. The malware can be directed to log into the victim's email inbox, parse emails in a special folder for commands, and save any payloads to the device from an email attachment. The authors of the malware have also developed a keylogger based on screen taps. BusyGasper maps the device screen, assigning values to the layout area of the keyboard, and can calculate pressed characters by matching given values with hardcoded ones.

     Analysis of BusyGasper revealed two parts. The first part is installed on the device and allows the hacker to issue instructions to the malware via the IRC protocol, such as a command to download the malware from the FTP server. The first part uses complex, intent-based communication between its components to broadcast commands. The second part adds more functionality, including the ability to run commands remotely on the phone. Hackers can send coded text messages that trigger remote execution.




     BusyGasper also takes advantage of the smartphone's accelerometer. This added feature allows BusyGasper to issue the command "tk0", which mutes the phone, disables the keyguard, turns off the brightness, uses a wakelock and listens to device sensors. This allows BusyGasper to silently execute any activity without the user knowing that the device is in an active state. As soon as the user picks up the device, the implant detects a motion event and executes the "tk1" command to temporarily stop the activity.
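From a defender's side, the "tk0" behaviour described above is a distinctive combination of state changes made by one app in a short time. The following is an added example, not code from the original article or from Kaspersky Lab's analysis, that correlates those changes per app over a constructed telemetry feed; the event names, package names, time window and threshold are all assumptions.

```python
from collections import defaultdict

# The five state changes the article attributes to the "tk0" command.
# Event names are hypothetical labels for a device-telemetry (MDM/EDR) feed.
TK0_SIGNALS = {"audio_muted", "keyguard_disabled", "brightness_zero",
               "wakelock_acquired", "sensor_listener_registered"}
WINDOW_SECONDS = 10  # assumed correlation window
MIN_SIGNALS = 4      # assumed threshold; tolerates one missing telemetry source

def find_stealth_activations(events):
    """events: iterable of (timestamp_seconds, package, event_name).
    Returns [(package, window_start, sorted_signals)] for every package that
    produced at least MIN_SIGNALS distinct signals inside one window."""
    by_pkg = defaultdict(list)
    for ts, pkg, name in sorted(events):
        if name in TK0_SIGNALS:
            by_pkg[pkg].append((ts, name))
    alerts = []
    for pkg, evs in sorted(by_pkg.items()):
        i = 0
        while i < len(evs):
            t0, j, seen = evs[i][0], i, set()
            while j < len(evs) and evs[j][0] - t0 <= WINDOW_SECONDS:
                seen.add(evs[j][1])
                j += 1
            if len(seen) >= MIN_SIGNALS:
                alerts.append((pkg, t0, sorted(seen)))
                i = j   # skip the events already reported
            else:
                i += 1  # slide the window start forward
    return alerts

# Constructed sample telemetry; package names are placeholders.
SAMPLE_EVENTS = [
    (100, "com.example.flashlight", "wakelock_acquired"),  # one signal only
    (200, "com.example.player", "wakelock_acquired"),
    (201, "com.example.player", "audio_muted"),            # two signals only
    (300, "com.example.updater", "audio_muted"),
    (301, "com.example.updater", "keyguard_disabled"),
    (301, "com.example.updater", "brightness_zero"),
    (302, "com.example.updater", "wakelock_acquired"),
    (303, "com.example.updater", "sensor_listener_registered"),
    (900, "com.example.updater", "audio_muted"),           # isolated later event
]

if __name__ == "__main__":
    for pkg, start, signals in find_stealth_activations(SAMPLE_EVENTS):
        print(f"ALERT {pkg} t={start}s signals={','.join(signals)}")
```

Any one of these signals is common in legitimate apps (media players mute audio, navigation apps hold wakelocks), so the detector alerts only on the combination.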