Dr.Web has discovered 25,000 devices affected

9th August 2013 | By Mouseworld Now Correspondent |

New Delhi, India, August 9, 2013: Dr.WEB, Russian developer of information security software, has discovered several malicious programs on Google Play that install Android.SmsSend Trojans on mobile devices. The Trojans send short messages to premium numbers and deplete subscriber accounts. Google was promptly notified about the incident.

The programs, discovered by Doctor Web’s analysts, belong to the Vietnamese developer AppStore Jsc. They are disguised as audio players and a video player that displays adult content.

The table below is based on Google Play statistics. It provides information about the number of users who have installed these applications.

The total number of installations of these three programs ranges between 11,000 and 25,000.

These applications appear harmless. However, they incorporate an extra apk-file that contains an Android.SmsSend Trojan. While running these carrier pplications, dubbed Android.MulDrop, Android.MulDrop.1, and Android.MulDrop.2 by Dr.Web, can prompt the user to download the content they need, but their consent initiates the installation of another application rather than the downloading of files. For example, the video player program offers to get the user new adult clips.

If the careless user agrees to install a suspicious application, the Trojan Android.SmsSend.512 will be installed on the device. The program covertly sends short messages to the short number 8775 which is specified in the malware’s configuration file. It is noteworthy that this Trojan really does enable a user to view adult video clips. Apparently, the attackers implemented this feature to avoid unnecessary suspicion.

As for the second and third Trojan carriers, they contain malware dubbed Android.SmsSend.513.origin. It operates similarly to Android.SmsSend.517, but, unlike the latter, it acquires information about short numbers from a command and control server.

Devices running Dr.Web for Android are well protected from these malicious programs whose signatures were promptly added to the virus database.


© Mouseworld Now News Service

Tags: , , , ,

Leave your comment

IMPORTANT! To be able to proceed, you need to solve the following simple math

What is 4 + 13 ?
Please leave these two fields as-is:

Mouseworldnow Videos
  • r chandrashekhar president nasscom
  • Anant Maheshwari, President, Microsoft India
  • Suresh_Vaswani-220 by 220

Channel News

  • iValue is “APAC VAD” for Micro Focus more...
  • Telr launches its sub-brand TelrSecure more...
  • iValue is “APAC Emerging VAD” for AlgoSec more...
  • Rashi Peripherals Kick-Starts SI Training Program For Partners more...
  • Toshiba Sends its Storage Partners to Bali Under its Foreign Trip Scheme more...
Subscribe via email

Enter your email address:

What does the mouse ask?

Will the spurt in online video advertisement steal the twinkle from the TV ad platform?

View Results

Loading ... Loading ...
Newsletter Registration