Doctor Web has often served information about Trojan for Android, which after attacking mobile devices are capable of in an unauthorized way to download applications. As a result, cyber criminals can not only distribute malicious software, but also reap the financial benefits of legitimate programs installed by users. Interest in this type of tool is not decreasing, as evidenced by the latest trojan downloader type, identified by analysts of Doctor Web.
Discovered by these new malicious applications are distributed via a Trojan dropper type (collecting and wypakowuj?cego main elements of malicious software), added to Dr.Web virus database as Android.MulDrop.18.origin. During the run, the Trojan is using a special library decrypts the two included in the resource APK packages (called a file from the Android Package), and then using the method DexClassLoader ( ie without user) loads into memory contained therein executables Dex – detected by Dr.Web as Android.DownLoader.57.origin and Android.DownLoader.60.origin. If the activation is successful, these programs establish a connection with a remote server, where they receive a list of applications to be downloaded to the mobile device data. At the same time, at specified intervals, in addition to the application can also be downloaded other files. Doctor Web analysts have identified include both new and already known malware belonging to several families, such as Trojans Android.SmsSend and Android.Backdoor. Thus, the cybercriminals can attack the owners of Android devices according to various scenarios, using for this purpose the types of malicious applications, ranging from ordinary SMS Trojans, Trojans advanced spyware. In addition, another potential way to use these type of Trojan downloader version is on sending legitimate applications and games, with installation where fraudsters derive financial benefits.
photo Artur Marciniec – Fotolia.com
id=”img-name-135883″ class=”art-img-tytul”> Another Trojan Attacks Android
worth noting that while trying to install programs downloaded by Trojans on mobile devices, it is required to confirm this action by users. It is therefore necessary to pay special attention when approving installation of software which does not knowingly married to your device.
Currently Doctor Web experts also identified a second version of the dropper Android.MulDrop.18.origin, containing, in contrast to the first, unencrypted versions of the Trojan downloader type , added to the virus database as Android.DownLoader.59.origin and Android.DownLoader.61.origin. The mechanism of the remote server connection is somewhat different from that which is implemented in the case of Android.DownLoader.57.origin and Android.DownLoader.60.origin, but the ultimate goal of their actions remains unchanged and consists of downloading and installing the application on the device mobile with Android system. All the above mentioned types of malware has been added to the Dr.Web virus databases and do not endanger the users of Dr.Web anti-virus for Android.
No comments:
Post a Comment