In the catalog Google Play found 28 applications that distribute Android-Trojan

The company "Doctor Web" reported that in the official catalog of Google Play 28 applications were found containing malicious advertising module capable of downloading Trojan for the mobile platform Android. The total number of units of programs, and therefore potential victims, several million. Despite the fact that the existing ad networks for mobile Android-devices, such as Google AdMob, Airpush, Startapp and so, quite successfully meet the needs of scams last decided to go ahead and set up his own advertising platform support. At first glance, it is no different from the others on the market: network offers Android-developers enticing terms of use advertising API, promising a high and stable income, as well as ease of management and control accounts.

As in many other Adware-modules, to display advertisements in this ad API uses push-method when the status bar mobile Android-based device displays one or another information notice. However, in addition to the stated functions, the platform contains a number of hidden features. For example, push-notifications from fraudulent advertising network information can be displayed on the need to install important updates for various applications. If an unsuspecting user agrees to install this "upgrade", the advertising module is downloading some apk-package and place it in the card catalog downloads / mnt / sdcard / download. This module can also create on the main screen of the mobile device label associated with the newly downloaded software in the future when the user clicks on the label will initiate the process of installing its associated program. conducted by specialists of "Doctor Web" study showed that downloaded so apk-files are from a family of Trojans Android.SmsSend. Further analysis revealed the source from which the data being downloaded Trojans: they turned the server on IP-addresses have been registered with the various directories fake applications. These addresses have already been made ​​to the Parental control Dr.Web anti-virus and successfully blocked them.

Special danger of this advertising API is that it contain applications have been found in the official catalog of Google Play, which is considered the safest source of Android-programs. On the basis of available experts "Doctor Web" information, it can be argued that the probable number of victims could reach more than 5.3 million users. As a result, the specialists of "Doctor Web" carried the module to adware-systems created by cybercriminals specifically for malicious purposes. In the anti-virus database it is brought under the name of Android.Androways.1.origin and poses no threat to users of Dr.Web for Android.