November 30, 2016
During November 2016, several cases involving Android Trojans were registered. The month began with a malicious program on Google Play, and then a new threat for Android mobile devices was discovered later.
PRINCIPAL TRENDS IN NOVEMBER
- Detection of an Android Trojan on Google Play
- Detection of a Trojan preinstalled on Android devices
Mobile threat of the month
At the beginning of November, Doctor Web’s specialists detected Android.MulDrop.924, a Trojan that was being distributed as a benign Google Play application called “Multiple Accounts: 2 Accounts”. It allowed mobile device users to use multiple accounts simultaneously. By the time the Trojan was detected, this application had already been downloaded over a million times. The Trojan was removed and no longer exists in the application store.
Features of Android.MulDrop.924:
- Part of the malicious functionality has been put in additional modules that are hidden in PNG images;
- It covertly downloads other applications and then invites users to install them;
- It displays annoying advertisements.
More information about Android.MulDrop.924 can be found in the corresponding review published by Doctor Web.
According to statistics collected by Dr.Web for Android
- Android.Xiny.26.origin
Trojans that acquire root privileges copy themselves into the system directory and then download various applications without the user’s knowledge. They can also display annoying advertisements. - Android.DownLoader.337.origin
A Trojan that downloads other programs to mobile devices. - Android.Mobifun.7
A Trojan designed to download Android applications. - Android.Cooee.1.origin
A Trojan designed to covertly download and install applications and to display advertisements. - Android.MulDrop.66.origin
A Trojan that distributes and installs other malicious programs on Android devices.
- Adware.Airpush.31.origin
- Adware.WalkFree.2.origin
- Adware.Leadbolt.12.origin
- Adware.Appsad.3.origin
- Adware.Batad.10
An unwanted program module that is incorporated into Android applications and is responsible for displaying annoying ads on mobile devices.
Preinstalled Trojans
Later in November, Doctor Web’s specialists detected an Android Trojan that was preinstalled on some popular mobile devices—for example, the smartphone BLU R1 HD. The Trojan, added to the virus database under the name Android.Spy.332.origin, was initially a benign system program for updating firmware. However, malicious functions were added to the new version of that program.
Features of Android.Spy.332.origin:
- Covertly downloads, installs, and removes other programs;
- Executes shell commands;
- Sends private information—details about SMS messages and phone calls, and some technical data about an infected device—to a command and control server.
Android Trojans are still posing a threat to user information security. They can be found periodically on the Google Play store and can even be preinstalled on mobile devices and tablets. To protect your device or to detect Trojans that have managed to infiltrate your device, we recommend that you install Dr.Web for Android.
