Malware News New Trojan found in 155 apps on Google Play: 2.8 million mobile devices already infected

[omidomi]

Doctor Web specialists have discovered a Trojan on Google Play that displays annoying advertisements and steals private user information. This malware has been incorporated into more than 150 Android applications which have already been downloaded by over 2.8 million users.

This Trojan, named Android.Spy.305.origin, is implemented as an advertising SDK platform that is used to generate income from application downloads. Doctor Web specialists registered at least seven developers who have embedded Android.Spy.305.origin into their apps: MaxMitek Inc, Fatty Studio, Gig Mobile, TrueApp Lab, Sigourney Studio, Doril Radio.FM, Finch Peach Mobile Apps, and Mothrr Mobile Apps.



Among these malicious applications are live wallpapers, image catalogs, utilities, photo editors, radio applications, and so on. Thus far Doctor Web’s security researchers have registered 155 dangerous applications, which have already been downloaded over 2.8 million times. Although the company informed Google as to which applications contain Android.Spy.305.origin, many of them are still available for download.

​

Once one of these applications is launched, Android.Spy.305.origin connects to its command and control (C&C) server and receives a command to download an additional module—Android.Spy.306.origin. This component contains the main malicious payload that Android.Spy.305.origin uses with the help of the DexClassLoader class.

The Trojan then sends the following data to the C&C server:

• Email address connected to the Google user account
• List of installed applications
• Current system language
• Name of the device manufacturer
• Mobile device model
• IMEI identifier
• OS version
• Screen resolution
• Mobile network operator
• Name of the application containing the Trojan
• Developer’s ID
• SDK platform’s version

Then Android.Spy.305.origin starts delivering annoying advertisements by displaying them on top of running applications and the operating system interface. In addition, it can prompt users to download various software programs and scare them into thinking that their devices are infected with malware programs.

​

 

[DardiM]

Great share, Thks

 

[ZeroDay]

Excellent post, thank you for the heads up and information.

 

[Vasudev]

Thanks for the heads up. I'll take a look at my dad's and sis's phone(s).

 

[Aleeyen]

Though it was said that Android was a better OS in terms of security than Windows its turning out to be the reverse. It easier to deploy malware in systems that are using Android.

I think Dr. Web is doing better work in Android OS than in Windows.

 

[ravi prakash saini]

T

Though it was said that Android was a better OS in terms of security than Windows its turning out to be the reverse. It easier to deploy malware in systems that are using Android.

I think Dr. Web is doing better work in Android OS than in Windows.

The problem is with the user of smartphone which are more than the user of desktop or laptop.now a days every body is having smartphone irrespective of his smartness

 

[_CyberGhosT_]

T

The problem is with the user of smartphone which are more than the user of desktop or laptop.now a days every body is having smartphone irrespective of his smartness

You have to be fair and all inclusive it should say Irrespective of "his or her" smartness. lol

 

[ravi prakash saini]

You have to be fair and all inclusive it should say Irrespective of "his or her" smartness. lol

I cannot use the word "her" ,I consider you as my friend and you want me to get beaten by my wife

 

[Vasudev]

I cannot use the word "her" ,I consider you as my friend and you want me to get beaten by my wife

You could tell your wife that even your phone is infected with pesky ads and let me check and remove that malware for you. This idea won't work if she's an iPhone/WP user.