Over 1,000,000 users have downloaded an Android Trojan from Google Play

Virus analysts "Doctor Web" found in Google Play another Trojan. This malware added to the virus database as Android.MulDrop.924, without the knowledge of user downloads of the application and offers to install them. In addition, it shows annoying ads.

Android.MulDrop.924 distributed through Google Play using the application name "Multiple Accounts: 2 Accounts," which had already downloaded more than 1,000,000 users of Android smartphones and tablets. The program allows you to simultaneously use multiple accounts in games and other SOFTWARE installed on the mobile device. However, this seemingly innocuous and even useful the app hides Trojan functionality, which the developer has forgotten to inform potential victims. The company "Doctor Web" gave Google information about the Trojan, however, at the time of publication of this news Android.MulDrop.The 924 was still available for download.

This Trojan has an unusual modular architecture. Part of its functionality located in the two subsidiary software modules that are encoded and hidden inside the PNG image located in the resource directory of Android.MulDrop.924. When launching, the Trojan extracts and copies the modules to your local directory under /data, and then loads them into memory.

One of these components in addition to harmless functions contains several ad plugins that the authors of Android.MulDrop.924 used for profit. Among them – a Trojan module of Android.DownLoader.451.origin, without the permission of the user download games and apps and offer to install them. In addition, it shows annoying ads in notification bar of the mobile device.

In Addition to Google Play, Android.MulDrop.924 extends through the sites and collections. One of the modifications of the Trojan embedded in an earlier version of the application Multiple Accounts: 2 Accounts. She signed third-party certificate and along with the malicious module Android.DownLoader.451.origin contains additional Trojan Android plugin.Triada.99 who downloads exploits to get on your device root access and is able to quietly download and install the program. Using a third party certificate may indicate that a specified version of Android.MulDrop.924 modified and distributes another group of virus writers, not associated with the creators of the original app.

All known versions of the Trojan Android.MulDrop.924 and its harmful components are successfully detected anti-virus Dr. Web for Android, so for our users, they pose no danger.

The article ended.

Just below it will be possible to leave a comment ;) Or to read what others think about it visitors. Often there is a lot of interesting additions.

Related Posts