Trojan for Android downloads malicious applications in the guise of incoming messages
June 19, 2015
The malicious program examined by Doctor Web analysts and named Android.DownLoader.157.origin is distributed through websites that host various software for mobile devices. The malware is disguised as a mobile application, which shows the following information about a conversation partner during a call: country, region, and mobile network operator. In spite of this program's ability to actually perform the mentioned task, its main purpose is to display fraudulent message notifications that can be easily mistaken by potential victims for real ones.
Once the user taps such a notification, the Trojan downloads a special APK file from a remote server and plants another notification in the status bar. Tapping it initiates the installation process of the downloaded file. The research conducted by Doctor Web analysts shows that the majority of programs distributed in this manner are different Trojans including downloader Trojans, backdoors, and other dangerous software.
In 2012, Doctor Web security researchers already examined another suchlike Trojan that acted similarly to the current one; that is, by demonstrating fraudulent message notifications, it attempted to make Android users download other malicious programs on their mobile devices. This fact proves that the described scheme of deception is still profitable and popular among cybercriminals.
The signature of Android.DownLoader.157.origin has been added to Dr.Web virus database. Therefore, this malicious program poses no threat to our users.
Your opinion counts
Sign in or register to comment on our news posts and take advantage of other benefits available to registered users. You will be awarded one Dr.Webling per comment. You can exchange your Dr.Weblings for gift certificates that can be used to purchase Dr.Web at a discount.