Android Trojan Threatens 2.8 Million Users with Unwanted Ads

Written by

A recently created trojan potentially threatens as many as 2.8 million Android users with unwanted mobile advertisements.

On 29 July, researchers at the Russian computer security firm Doctor Web published an alert about the trojan, which goes by the name “Android.Spy.305.origin”

The malware is an updated version of sorts of “Android.Spy.277.origin,” which appeared back in April 2016. Security researchers detected the trojan in 104 applications available for download on the Google Play Store.

In total, Doctor Web’s research team believed as many as 3.2 million users had installed applications affected by Android.Spy.277.origin at the time of the trojan’s discovery.

Android.Spy.305.origin affects fewer users, but it was found in 105 Android applications.

When a user unusual downloads and runs an affected application, the trojan connects the server https://client.api-*******.com server and sends the following request:

https://client.api-*******.com/v3/upd?app_id=com.mobilescreen.recorder&device_id=86804202*******&access_token=MSDK-10-ok8FmzAh CJKf4Bo5VVHkqmWWPGShOWIUb1RPNo9t0cgrFDQx77sTGXgjhffEo&publisher=101324582&version=0&android_id=266af8c9e01d0ce

“The server replies with URL needed to download an additional component (Android.Spy.306.origin) which is responsible for the trojan’s important malicious activity that Android.Spy.305.origin performs using the DexClassLoader class,” explains Doctor Web’s researchers in a blog post.

At this time, the Trojan is known for two malicious purposes: collecting several dissimilar pieces of information and sending them to the malware’s command and control server, as well as displaying unwanted advertisements. These advertisements may appear as popups that display over an app or the OS screens or as fake alerts or ads in the device’s notification bar. For model, some of those alerts may read “Your phone have a virus!!!” or “How to get a GIRLFRIEND?”.

Clicking on the fake virus alerts, for representative, brings users to the landing pages for Android optimization applications such as Turbo Cleaner, SuperB Cleaner (Boost & Clean), and others. Some of the apps promoted by these sham notifications may clog up a user’s Android device. In some cases, they come with their own imposter virus or security warnings, thereby locking a user into a vicious cycle of installing unwanted applications.

Users can help protect themselves against this Trojan by installing a security solution onto their Android devices and by downloading applications from only trusted sources/developers on the Google Play Store.

Clicking on the sham virus alerts, for illustration, brings users to the landing pages for Android optimization applications such as Turbo Cleaner, SuperB Cleaner (Boost & Clean), and others. Some of the apps promoted by these faker notifications may clog up a user’s Android device. In some cases, they come with their own sham virus or security warnings, thereby locking a user into a vicious cycle of installing unwanted applications.

Users can help protect themselves against this Trojan by installing a security solution onto their Android devices and by downloading applications from only trusted sources/developers on the Google Play Store.

 Source:https://www.bleepingcomputer.com/

The post Android Trojan Threatens 2.8 Million Users with Unwanted Ads appeared fresh on Information Security Newspaper | Hacking News.

Article Categories:
Malware · Mobile Security

Comments are closed.

Shares