1.5 million users may be affected by dangerous downloader Trojan for Android

July 24, 2015

Even though Google Play is an official Internet resource that hosts applications for Android devices, it can still become a home for potentially dangerous or malicious programs. This week, one such program was detected by Doctor Web security researchers.

The malicious program named Android.DownLoader.171.origin is distributed as KKBrowser. Judging from Google Play statistics, it has already been downloaded 100,000–500,000 times. However, if we take into account Chinese websites that also host this malicious program (Baidu—880,000, qq—310,000, 360cn—60,000, Wandoujia—58,000 downloads), the total number of downloads will exceed 1.5 million.

Moreover, Indonesian users can also download this Trojan from Google Play in their country (already 1,000–5,000 downloads).

Android.DownLoader.171.origin combines features of adware and downloader Trojans. Once installed, the malicious program connects to remote command and control servers and downloads applications specified by cybercriminals. If Android.DownLoader.171.origin has root privileges, these applications are installed automatically; otherwise, a relevant prompt is displayed.

The Trojan can not only install but also remove programs without the user's knowledge. Again, if Android.DownLoader.171.origin has elevated privileges, programs are removed automatically (otherwise, the user is asked to give their consent). In addition, the Trojan can display fake email message notifications in the status bar. If the user taps such a notification, a website specified by cybercriminals is loaded in the browser window.

The malicious program scans the system for the presence of Chinese anti-virus software and sends the server various device-related information (such as system language, OS version, availability of administrator privileges, device model, screen resolution, IMEI, and other data).
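A defender-side triage for the install behaviour described above, as an added example that is not part of Doctor Web's report: it parses the output of `adb shell pm list packages -3 -i` and lists third-party apps whose recorded installer is missing or is not a trusted store. The sample output, the `com.example.*` package names and the trusted-installer set are constructed assumptions, and the installer field is a heuristic for review, not proof of a malicious install.

```python
import re

# Installers treated as trusted app stores (assumption; adjust per device fleet).
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample of `adb shell pm list packages -3 -i` output (third-party apps).
SAMPLE = """\
package:com.example.notes  installer=com.android.vending
package:com.example.browser  installer=com.android.vending
package:com.example.cleaner  installer=null
package:com.example.wallpaper  installer=com.example.browser
package:com.example.sideloaded  installer=com.google.android.packageinstaller
"""

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")

def parse_installers(text):
    """Return {package: installer or None} from `pm list packages -i` output."""
    result = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and adb noise
        inst = m.group("installer")
        result[m.group("pkg")] = None if inst == "null" else inst
    return result

def triage(installers, trusted=TRUSTED_INSTALLERS):
    """List (package, reason) for apps that did not arrive via a trusted store."""
    findings = []
    for pkg, inst in sorted(installers.items()):
        if inst in trusted:
            continue
        if inst is None:
            # Assumption: shell-level `pm install` typically records no installer.
            reason = "no installer recorded"
        elif inst in installers:
            reason = f"installer is another third-party app: {inst}"
        else:
            reason = f"installer not in trusted set: {inst}"
        findings.append((pkg, reason))
    return findings

if __name__ == "__main__":
    for pkg, reason in triage(parse_installers(SAMPLE)):
        print(f"{pkg}: {reason}")
```

Each finding is a starting point for review: an app store the user chose deliberately will also appear here until it is added to the trusted set.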

Doctor Web would like to emphasize once again that even applications downloaded from official Internet resources can be unsafe to use. Only modern anti-virus solutions can ensure protection against various malicious programs.
