Monday, July 27, 2015 – Figure of the day: How many users have downloaded a dangerous loader for Android? – Ferra

The number of the day:


So many users have downloaded a dangerous loader for Android.

Doctor Web has detected a new malicious program, Android.DownLoader.171.origin, distributed through Google Play under the name KKBrowser. Google Play download statistics show about 100,000 to 500,000 downloads of the application. However, if we add the download counts from the Chinese app catalogs that also distribute Android.DownLoader.171.origin (Baidu: 880,000; qq: 310,000; 360cn: 60,000; Wandoujia: 58,000), the total number of downloads exceeds 1.5 million. The Google Play catalog also contains a version of this Trojan aimed at users from Indonesia (it has 1,000 to 5,000 downloads).

Android.DownLoader.171.origin combines the functions of a Trojan downloader and an advertising application. Once installed on the infected device, the malware contacts its command-and-control server and downloads the applications specified by the attackers. If the device has root access, these applications are installed automatically; otherwise, a corresponding request is shown on the screen.

The Trojan can not only install programs but also delete them unnoticed by the user: automatically if root access is available, or by requesting the user's permission otherwise. In addition, Android.DownLoader.171.origin can display a notification in the Android notification panel that looks like a message about incoming e-mail, while in fact the content of the notification is defined by the command-and-control server. Tapping the message opens a browser window and navigates to a website specified by the attackers.

The malicious program checks for installed Chinese antivirus software, and also collects and sends to the attackers' server information about the infected device, such as the localization language, OS version, presence of administrative access, device model, screen resolution, IMEI value, and so on.

