AfterDawn: News

Android malware using Google Play Store icon to trick users

A new Android trojan has been found that causes infected devices to be used for spamming text message purposes and even DDoS attacks.

The "Android.DDoS.1.origin" trojan was first discovered by effective Russian security firm Doctor Web, and tricks its way onto consumer's Android devices by disguising itself as a legitimate app from Google.



After installed, the app creates an icon that is an exact replica of the Google Play Store. Clicking it will still send you to the Store, but there is much more malicious occurrences happening in the background. The trojan will immediately try to connect to its Command and Control (C&C) server and if it does, the server operators are sent the victim's phone number. Further instructions are sent via SMS.

The malware, if given a DDoS command, will begin sending data packets to a specified address. This is bad for the site if there are enough infected devices and also bad for the user, who is using up bandwidth unwillingly and criminally.

Written by: Andre Yoskowitz @ 30 Dec 2012 22:27

• Previous article

• Google had to block TwitPic temporarily

• Next article

• Don't pirate this film, or else

• 3 comments

• Ofnir1

  How exactly does one get infected? I remember how there were, and probably still are, malicious versions of TubeMate on the Play Store.
  
  Another way I can think of right off, are people trying to score paid versions of apps via torrents. I don't remember the name of this one app in particular, but it would send an SMS to everyone in the victims contacts with something similar to, "I'm too cheap to pay for apps".
  

  
  

  31.12.2012 01:19 #1

• i1der

  hilarious...
  
  
  "I'm too cheap to pay for apps"
  
  I never got such a message, i support when price is right, dont need to pirate anymore too much entertainment already available and deals on the play store are great
  
  illegal download free since 2010.
  try netflix, redbox, pandora, tunein, hulu, basic cable, youtube, free apps, dollar apps, EA Origin, steam, amazon app+MP3.
  

  
  

  31.12.2012 02:24 #2

• A5J4DX

  Originally posted by Ofnir1: How exactly does one get infected? I remember how there were, and probably still are, malicious versions of TubeMate on the Play Store.
  
  Another way I can think of right off, are people trying to score paid versions of apps via torrents. I don't remember the name of this one app in particular, but it would send an SMS to everyone in the victims contacts with something similar to, "I'm too cheap to pay for apps". lmao!
  

  1.1.2013 20:23 #3