New Trojan targets Android devices with root access


Doctor Web has reported the emergence of a new malicious program for the Android operating system. The targets are owners of mobile devices who run the system with elevated privileges. Attackers distribute the new Trojan together with legitimate applications through popular sites that host software collections. It works on the "nesting doll" principle: the modified application (detected by Dr.Web as Android.MulDrop.origin.3) contains another software package (an APK file), which is encrypted. In effect, the first application is a dropper, a kind of container used to deliver other malicious programs.

The Trojan's creators choose a particular type of application as the basis for the dropper: system utilities, configurators, and the like, because most of them need administrator privileges to work. So when such an application requests root access after launch, the user has no reason to suspect anything. Once it obtains the necessary privileges, Android.MulDrop.origin.3 decrypts the APK file hidden inside it and places it in the system directory (/system/app/, under the name ComAndroidSetting.apk). This application, added to the virus database as Android.MulDrop.origin.4, is also a dropper. Like Android.MulDrop.origin.3, it contains an encrypted APK package. The Trojan is activated after the next system start-up; it decrypts and installs the software package hidden inside it, which in turn is a Trojan downloader detected as Android.DownLoader.origin.2. Android.DownLoader.origin.2 also runs at startup. After the system starts, it connects to a remote server and receives a list of applications that it must download and install. This list can contain both malicious software and quite harmless applications.

According to Doctor Web, users of Dr.Web for Android Anti-spam and Dr.Web 7.0 for Android Light are protected from this malicious software. To minimize the risk of infection, Doctor Web encourages owners of Android-based mobile devices to limit themselves, where possible, to the official Google Play catalog when downloading applications.
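A triage sketch for the nested, encrypted package described above, added here as an example (it is not Doctor Web's detection logic): it flags APK entries that are large, high-entropy and carry no recognizable file header, and checks a /system/app listing for the file name given in the article. The entropy threshold, the magic-byte list, the function names and the sample APK are assumptions constructed for illustration; the article does not say where in the APK the payload sits or how it is encrypted.

```python
import hashlib, io, math, zipfile
from collections import Counter

# File name the article says the first dropper writes to /system/app/.
DROPPED_NAME = "ComAndroidSetting.apk"
# Headers of content normally found inside an APK (assumed, non-exhaustive list).
KNOWN_MAGIC = (b"PK\x03\x04", b"dex\n", b"\x89PNG", b"\xff\xd8\xff", b"\x7fELF",
               b"\x03\x00\x08\x00", b"\x02\x00\x0c\x00")
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off for "looks encrypted"

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def suspicious_entries(apk_bytes: bytes, min_size: int = 1024) -> list[str]:
    """Names of APK entries that are large, high-entropy and have no known header."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir() or info.file_size < min_size:
                continue
            data = apk.read(info)
            if not data.startswith(KNOWN_MAGIC) and shannon_entropy(data) >= ENTROPY_THRESHOLD:
                hits.append(info.filename)
    return hits

def has_dropped_package(system_app_listing: list[str]) -> bool:
    """True if a /system/app listing contains the file name from the article."""
    return any(name.rsplit("/", 1)[-1] == DROPPED_NAME for name in system_app_listing)

def build_sample_apk() -> bytes:
    """Constructed test input: a fake APK holding one opaque high-entropy blob."""
    blob = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(256))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("classes.dex", b"dex\n035\x00" + bytes(2048))
        z.writestr("res/drawable/icon.png", b"\x89PNG\r\n\x1a\n" + blob)
        z.writestr("assets/readme.txt", b"plain text settings help\n" * 100)
        z.writestr("assets/data.bin", blob)
    return buf.getvalue()

if __name__ == "__main__":
    print(suspicious_entries(build_sample_apk()))
    print(has_dropped_package(["/system/app/Settings.apk", "/system/app/" + DROPPED_NAME]))
```

A hit is a reason to inspect the entry, not a verdict: legitimate apps also ship compressed or encrypted assets, and a payload hidden behind a valid-looking header would pass this check.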
