Android Trojan Relies on Inattentive Users

Tuesday, April 15, 2014 @ 10:04 AM gHale

A Trojan downloader called Android.MulDrop.18.origin is able to download malicious applications onto infected devices.

When it executes, MulDrop uses a special library to decrypt its components, said researchers at Russian security company Doctor Web. Two files – detected as Android.DownLoader.57.origin and Android.DownLoader.60.origin – end up dropped.

Android Trojan Spreads through Botnet
3rd Party Apps a Bug Nightmare
Android Malware Hits Windows PCs
Trojan a Work of ‘Poetry’

Once they activate, these components start communicating with remote servers from which they obtain the list of applications they must install. The command and control server can end up configured so it pushes files at certain intervals.

Among the malicious elements downloaded by the malware, researchers have identified SMS Trojans and spyware such as Android.SmsSend and Android.Backdoor.

The bad guys can also make a profit by pushing legitimate applications. They can make a lot of money from services that pay for the installation of certain apps.

Dr. Web said the applications pushed by the Trojan do not install automatically. Users must confirm the installation. However, researchers highlight the fact that many users don’t pay too much attention to what they’re installing on their smartphones.

A second Android.MulDrop.18.origin variant analyzed by Dr. Web includes the Trojan downloaders in a non-encrypted form. This piece of malware’s goal is similar, but it uses different mechanisms to communicate with the command and control server.

Leave a Reply

You must be logged in to post a comment.