Trojan in Google Play Android Apps

Monday, August 1, 2016 @ 02:08 PM gHale


There are currently 155 Android apps on the official Google Play Store infected with the Android.Spy Trojan.

This is a Trojan that collects details about the user’s device and then shows ads on top of the phone’s homescreen or of other applications, and inside the OS notification area.

RELATED STORIES
Android RAT Builder Released
Linux Kernel Defenses added to Nougat
Android FDE Vulnerability Patched
Google makes 108 Fixes for Android

Google is aware of the issue, but they have not yet removed all the offending apps, said researchers at Security firm Dr.Web who discovered the issue.

The Trojan, named Android.Spy.305, is a newer variation of the Android.Spy family.

Back in April, researchers found Android.Spy.277 in 104 Android apps on the Google Play Store, which ended up downloaded over 3.2 million times.

Adding up the total number of downloads for Android.Spy.305, Dr.Web security researchers said over 2.8 million users might be affected by this new Trojan.

As with the original, Android.Spy.305 will begin its malicious behavior after the user installs the tainted app. The first thing it will do is collect data on the user’s device, such as the email address connected to their Google user account, OS language, OS version, device name and model, and IMEI.

Additionally, the Trojan also collects details such as the screen resolution, mobile network operator, a list of installed applications, the name of the app through which delivered the Trojan, the developer ID and the SDK version.

The last two details are important because Dr.Web researchers said the Trojan is actually inside an advertising SDK, used to build other applications.