My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Back to the news list

Doctor Web registers over 51,000 installations of Downloader Trojan from Google Play

October 22, 2018

Doctor Web earlier published a news article about the Downloader Trojan Android.DownLoader.818.origin, distributed as a VPN client, i.e. software that allows you to connect to private virtual networks. Malware analysts have continued researching this malicious application and detected its new modification, named Android.DownLoader.819.origin. Like the original Trojan, it was distributed via Google Play. It was installed by at least 51,100 users.

Android.DownLoader.819.origin is a downloader that installs other malicious applications to Android devices and launches them. The Trojan was distributed by the Quoac developer under the guise of games. Doctor Web experts have found 14 copies of Android.DownLoader.819.origininstalled by at least 51,100 Android mobile device users. Our malware analysts have sent the data on the identified software to Google. At the time we published this article, it was removed from Google Play.

screenshot Android.DownLoader.819.origin #drweb

Information about the detected malicious applications is in the table below:

App nameSoftware package nameVersion
Extreme SUV 4x4 Driving Simulatorcom.quoac.extreme.suv.driving0.3
Moto Extreme Racer
SUV City Traffic Racercom.suv.traffic.racer0.3
Sports Car
Crime Traffic Racercom.quoac.crime.traffic.game0.3
Police Car
Tank Traffic Racercom.quoac.tank.traffic.racer0.3
Extreme Car Driving
Russian Cars
Motocross Beach Jumping - Bike Stund Racingcom.quoac.motocross.beach.jumping0.4
Luxury Supercar
Crime Crazy Securitycom.quoac.crime.crazy.security0.4
Furious Extreme Driftcom.quoac.furious.extreme.drift0.3
Drift Car Driving

Android.DownLoader.819.origin is a modification of the Trojan Android.DownLoader.818.origin and has the same features. When launched, it requests read and write access to the SD card, and then prompts the user to assign it as one of the mobile device administrators. If the access is granted, the Trojan removes its own icon from the main screen menu of the operating system and hides itself on the device. After that, launching the “game” is impossible and the malicious application can only be found in the list of installed programs in the system settings.

screenshot Android.DownLoader.819.origin #drweb

screenshot Android.DownLoader.819.origin #drweb

When granted the necessary privileges, the Trojan connects to the remote server and downloads an APK file in the background. It then offers the device user to install it. If the user refuses, the malware tries to perform the installation again, showing the same dialog every 20 seconds until the user agrees to install the application. The file the Trojan downloads and installs is the malware. Android.HiddenAds.728, which displays ads whenever the screen of the affected smartphone or a tablet is on.

screenshot Android.DownLoader.819.origin #drweb

All known modifications of the Downloader Trojan Android.DownLoader.819.origin, as well as the malware they download, are successfully detected and removed by Dr.Web products for Android and, therefore, pose no threat to our users.

Your Android needs protection!
Use Dr.Web

Free download

  • First Russian anti-virus for Android
  • Over 135 million downloads—just from Google Play!
  • Available free of charge for users who purchase Dr.Web home products

Tell us what you think

To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.

Other comments