Security researchers from Russian company Doctor Web have come across an interesting Trojan downloader. The threat, dubbed Android.MulDrop.18.origin, is designed to download malicious applications onto infected devices.
According to experts, when it’s executed, MulDrop uses a special to decrypt its components. Two files – detected as Android.DownLoader.57.origin and Android.DownLoader.60.origin – are dropped.
Once they’re activated, these components start communicating with remote servers from which they obtain the list of applications they must install. The command and control server can be configured so that it pushes files at certain intervals.
Dr. Web has noted that the applications pushed by the Trojan are not installed automatically. Users must confirm the installation. However, experts highlight the fact that many users don’t pay too much attention to what they’re installing on their smartphones.
A second Android.MulDrop.18.origin variant analyzed by Dr. Web includes the Trojan downloaders in a non-encrypted form. This variant has a similar goal, but it uses different mechanisms to communicate with the command and control server.