While it’s not entirely clear how the Trojan is spread, researchers suspect that the attackers use social engineering tactics since the malware appears to disguise itself as a Google Play clone.
As a matter of fact, Dr. Web researchers wrote that, once installed, Android.DDoS.1.origin will create an icon that not only closely resembles that of Google Play, but launches Google Play when selected to reduce suspicion of foul play.
Screenshot Credit: Dr. Web
If it is launched, the Trojan will reach out to its command and control (C&C) server to relay the phone number belonging to the infected device and stand by for further instructions to do one of the following:
- Participate in DDoS attacks by sending data packets to a specified server address & port
- Help with spamming efforts by sending SMS spam messages to the phone numbers specified by its C&C
Given the malicious activity, owners of infected devices will experience not only a decrease in performance but also higher phone bills thanks to the SMS spamming & unauthorized data usage.
Dr. Web researchers note that the Trojan’s code is heavily obfuscated, indicating that the authors want to hide its function. That’s not much of a surprise given the malware’s capabilities; the attackers can easily use it to attack competitor websites, advertise products via SMS spam, or help generate revenue by sending text messages to premium numbers.
Keeping Your Android Device Safe
There is currently no evidence that users run a high risk of encountering this threat, or of it being distributed in the Google Play store. With that being said, here are a few steps that Android users can follow to keep their devices safe:
- Only download Android apps from official Android app stores like Google Play or the Amazon Appstore for Android.
- Always check the number of downloads, app rating and user reviews. If an app has a poor rating or a long list of poor reviews, you probably shouldn’t download it.
- Carefully review permissions before downloading and/or installing an app.
- Do not click links or download apps advertised in unsolicited text messages or emails.
- Consider installing a mobile antivirus app on your device; Sophos offers a free solution with remote wipe capabilities in the event that your device is lost or stolen.