Security Researchers Analyze Android Trojan Downloaders


Malicious Android applications downloaded by Android.MulDrop.18.origin

Security researchers from Russian company Doctor Web have come across an interesting Trojan downloader. The threat, dubbed Android.MulDrop.18.origin, is designed to download malicious applications onto infected devices.

According to experts, when it’s executed, MulDrop uses a special library to decrypt its components. Two files – detected as Android.DownLoader.57.origin and Android.DownLoader.60.origin – are dropped.

Once they’re activated, these components start communicating with remote servers from which they obtain the list of applications they must install. The command and control server can be configured so that it pushes files at certain intervals.

Among the malicious elements downloaded by the malware, researchers have identified SMS Trojans and spyware such as Android.SmsSend and Android.Backdoor.

Cybercriminals can also profit by pushing legitimate applications: they can make a lot of money from services that pay for the installation of certain apps.

Dr. Web has noted that the applications pushed by the Trojan are not installed automatically. Users must confirm the installation. However, experts highlight the fact that many users don’t pay too much attention to what they’re installing on their smartphones.

A second Android.MulDrop.18.origin variant analyzed by Dr. Web includes the Trojan downloaders in a non-encrypted form. This piece of malware’s goal is similar, but it uses different mechanisms to communicate with the command and control server.
