During November 2016, several cases involving Android Trojans were registered. The month began with a malicious program on Google Play, and then a new threat for Android mobile devices was discovered later.
PRINCIPAL TRENDS IN NOVEMBER
Detection of an Android Trojan on Google Play
Detection of a Trojan preinstalled on Android devices
Mobile threat of the month
At the beginning of November, Doctor Web’s specialists detected Android.MulDrop.924, a Trojan that was being distributed as a benign Google Play application called “Multiple Accounts: 2 Accounts”. It allowed mobile device users to use multiple accounts simultaneously. By the time the Trojan was detected, this application had already been downloaded over a million times. The Trojan was removed and no longer exists in the application store.
According to statistics collected by Dr.Web for Android
Trojans that acquire root privileges copy themselves into the system directory and then download various applications without the user’s knowledge. They can also display annoying advertisements.
An unwanted program module that is incorporated into Android applications and is responsible for displaying annoying ads on mobile devices.
Later in November, Doctor Web’s specialists detected an Android Trojan that was preinstalled on some popular mobile devices—for example, the smartphone BLU R1 HD. The Trojan, added to the virus database under the name Android.Spy.332.origin, was initially a benign system program for updating firmware. However, malicious functions were added to the new version of that program.
Covertly downloads, installs, and removes other programs;
Executes shell commands;
Sends private information—details about SMS messages and phone calls, and some technical data about an infected device—to a command and control server.
Android Trojans are still posing a threat to user information security. They can be found periodically on the Google Play store and can even be preinstalled on mobile devices and tablets. To protect your device or to detect Trojans that have managed to infiltrate your device, we recommend that you install Dr.Web for Android.