New Android malware is a Google Play look-alike

Russian anti-virus vendor Doctor Web has uncovered new Android malware that disguises itself with a Google Play Store icon. According to Doctor Web, the trojan Android.DDoS.1.origin is capable of carrying out DDoS attacks on websites and can even send text messages at the direction of criminals. Once installed, the malicious program creates an application icon that looks just like the Google Play icon. If a user clicks on the fake icon, the malicious program is activated and gets down to business.

The malware is difficult to spot because it resembles the Google Play icon



Once active, the trojan attempts to connect to a remote server. If the connection succeeds, it transmits the phone number of the affected device to the criminals and waits for further commands. According to Doctor Web, criminals usually look to attack servers and send text messages. The post adds: "If criminals want the Trojan to attack a server, a command message will contain the parameter [server:port]. Upon receipt of such a command, Android.DDoS.1.origin starts sending data packets at the specified address. If the malicious program is required to send an SMS, the command message will contain the message text and the number to which it should be sent."


The malware's activities can apparently hamper the performance of the device and cause much inconvenience. "Activities of the trojan can lower performance of the infected handset and affect the well-being of its owner, as access to the Internet and SMS are chargeable services. Should the device send messages to premium numbers, malicious activities will cost the user even more," the report states. 


Worryingly, it is still not clear how this trojan spreads, but it is likely that criminals are using social engineering tactics and are promoting the malware as a genuine Google application. 


Doctor Web notes, "It is worth noting that the code of Android.DDoS.1.origin is heavily obfuscated. Given that the Trojan can carry out attacks on websites and send various text messages to any number, including those of content providers, we can assume that the malware can also be used to conduct illegal activities for third parties (e.g. attack a competitor's site, promote products with SMS or subscribe users to chargeable services by sending SMS to short numbers)."


Such findings are rather worrying. In its latest study, ESET pointed out that viruses and worms spreading through flash drives and the rise in malware targeting Android are the main trends in the Indian malware landscape in 2013. In its official statement, ESET added that its report last year had marked malware for mobile phones as a main trend of 2012. This time, the researchers focused on malware for Android, as the market share of Android mobile phones has been increasing dramatically.


During the first quarter of 2012, according to IDC statistics, Android recorded a year-on-year rise of 145 percent in market share. Furthermore, Juniper, in its whitepaper “Banking Anytime Anywhere”, estimates that in 2013, the number of users accessing banking services from their smartphones will rise to 530 million. According to the same study, in 2011, there were only 300 million individuals who accessed banks from their phones.

Published Date: Dec 28, 2012 16:56 PM | Updated Date: Dec 28, 2012 16:56 PM