Your browser is obsolete!

The page may not load correctly.

Free trial
Dr.Web for Android

Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support

Send a message

Call us

+7 (495) 789-45-86

Forum
Profile

Back to news

Trojan for Android downloads malicious applications in the guise of incoming messages

June 19, 2015

Doctor Web security researchers have detected yet another Trojan for mobile devices designed to display fake SMS and email message notifications and to make users download malicious software. Due to the fact that these notifications resemble real ones, users are very likely to be deceived and, as a result, install some dangerous applications on their mobile devices “sponsoring” cybercriminals.

The malicious program examined by Doctor Web analysts and named Android.DownLoader.157.origin is distributed through websites that host various software for mobile devices. The malware is disguised as a mobile application, which shows the following information about a conversation partner during a call: country, region, and mobile network operator. In spite of this program's ability to actually perform the mentioned task, its main purpose is to display fraudulent message notifications that can be easily mistaken by potential victims for real ones.

screen

Once the user taps such a notification, the Trojan downloads a special APK file from a remote server and plants another notification in the status bar. Tapping it initiates the installation process of the downloaded file. The research conducted by Doctor Web analysts shows that the majority of programs distributed in this manner are different Trojans including downloader Trojans, backdoors, and other dangerous software.

screen

In 2012, Doctor Web security researchers already examined another suchlike Trojan that acted similarly to the current one; that is, by demonstrating fraudulent message notifications, it attempted to make Android users download other malicious programs on their mobile devices. This fact proves that the described scheme of deception is still profitable and popular among cybercriminals.

screen

The signature of Android.DownLoader.157.origin has been added to Dr.Web virus database. Therefore, this malicious program poses no threat to our users.

Tell us what you think

You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.


Other comments

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2017

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040