December 26, 2016
The past month was quite eventful in terms of mobile security. The month began with an Android Trojan that infected system libraries, injected itself into application processes, and then covertly downloaded and installed various software. Later, Doctor Web’s security researchers detected malware programs which were preinstalled into dozens models of Android devices and covertly installed unwanted applications.
At the beginning of December, Doctor Web detected Android.Loki.16.origin that covertly downloaded and installed software on mobile devices. This Trojan tried to get root privileges by using exploits and then copied several additional modules into system catalogs. The modules allowed the Trojan to infect system libraries and to launch itself together with the modules, obtaning the root privileges. As a result, Android.Loki.16.origin could download, install, and remove applications without user knowledge. For more details about this incident, refer to the news article.
In mid-December, Doctor Web’s specialists found several Trojans incorporated into the firmware of dozens of Android mobile devices models. One of them, dubbed Android.DownLoader.473.origin, covertly downloaded and installed software—for example, the unwanted application Adware.AdBox.1.origin that displayed advertisements. Another Trojan, added to the virus database as Android.Sprovider.7, also downloaded applications and tried to install them. In addition, it opened various web pages in a browser, made phone calls, and showed advertisements. For more information about these Trojans, refer to the corresponding news article.
Cybercriminals actively continue contriving various methods to infect mobile devices—they even began to inject Trojans into devices’ firmware. Thus, consumers are under the risk to buy an infected device. To detect preinstalled malware programs, Android users should install Dr.Web for Android. If the Trojan is detected in the system catalogs, it is recommended that you contact the technical support service and ask for the system update to neutralize the threat.