More than a million Android users have downloaded this trojan on Google Play

Oh look! It’s brought some of its friends, too!

More than a million users have downloaded a particularly sneaky Android trojan that's available on the official Google Play Store.

The Russian security firm Doctor Web found that the malware, known as Android.MulDrop.924, disguises itself as games and other apps on the Google Play Store and other app marketplaces.

One of its preferred masks is an app called "Multiple Accounts: 2 Accounts." It allows users to set up multiple accounts for games, email, messaging, and other software on their devices.

The app hasn't received too many bad reviews, either.

No doubt such a good reputation played a part in convincing at least one million users to download it.

The app, which is still available on Google Play, might appear to be benign in functionality. But it hides a dark secret.

Doctor Web explains more:

"The Trojan has a unique modular architecture. Part of its functionality is located in two auxiliary modules, which are encrypted and hidden inside a PNG image in the resource catalog of Android.MulDrop.924. Once launched, the Trojan extracts and copies these modules to its local directory in the section /data and then loads them into the memory."

Let's focus on the module "main.jar" in particular. It loads up several plug-ins designed to generate income.

One of those is the trojan Android.DownLoader.451.origin, which is like Android.Slicer.1.origin and Android.Spy.277.origin in that it covertly downloads applications and displays unwanted advertisements on the infected device.

But that's not all main.jar can carry. Other versions of Android.MulDrop.924 came with Triada, a trojan which leverages exploits to achieve root privileges on the device.
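A static triage heuristic for the PNG-hiding technique Doctor Web describes, added here as an example (not Doctor Web's or this article's code): it walks every PNG in an APK and flags bytes after the final chunk or large unknown chunks. The page does not say how Android.MulDrop.924 embeds its modules, so the appended-data layout, the 1024-byte threshold and the sample file names are assumptions, and payloads hidden in pixel data would not be caught.

```python
import io, struct, zipfile, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Chunk types from the PNG specification, plus npTc (Android 9-patch metadata).
KNOWN = {b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"gAMA", b"cHRM", b"sRGB", b"iCCP",
         b"tEXt", b"zTXt", b"iTXt", b"bKGD", b"pHYs", b"sBIT", b"sPLT", b"hIST", b"tIME", b"npTc"}

def inspect_png(data, max_unknown=1024):
    """Walk the chunk list; report large unknown chunks and bytes after IEND."""
    if not data.startswith(PNG_SIG):
        return ["no PNG signature"]
    findings, pos = [], len(PNG_SIG)
    while pos + 12 <= len(data):
        # Each chunk: 4-byte length, 4-byte type, body, 4-byte CRC.
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if pos + 12 + length > len(data):
            return findings + ["chunk %r runs past end of file" % ctype]
        if ctype not in KNOWN and length > max_unknown:
            findings.append("unknown chunk %r, %d bytes" % (ctype, length))
        pos += 12 + length
        if ctype == b"IEND":
            break
    if pos < len(data):
        findings.append("%d bytes after final chunk" % (len(data) - pos))
    return findings

def scan_apk(apk):
    """apk: path or file object. Returns {entry name: findings} for suspicious PNGs."""
    report = {}
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            findings = inspect_png(zf.read(name)) if name.lower().endswith(".png") else []
            if findings:
                report[name] = findings
    return report

def _chunk(ctype, body=b""):
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def build_sample_apk():
    """Constructed test input: one clean 1x1 PNG, one with 4096 filler bytes appended."""
    png = (PNG_SIG + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
           + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND"))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("res/drawable/icon.png", png)
        zf.writestr("res/drawable/bg.png", png + b"\xaa" * 4096)
    return buf

if __name__ == "__main__":
    print(scan_apk(build_sample_apk()))
```

A hit is a reason to look closer at the file, not a verdict: some image tools leave harmless trailing bytes or private chunks.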

This particular trojan shows just how difficult it can be to avoid a malware infection. With that in mind, users should maintain an up-to-date anti-virus solution on their phones and download apps only from trusted developers on the Google Play Store.

It's not a foolproof anti-malware strategy, but it's your best bet when trojans as clever as Android.MulDrop.924 are out there.

3 Responses

  1. JustAGuy

    November 15, 2016 at 6:14 am #

    How stupid is this article when at the end it states "…download apps only from trusted developers on Google Play Store." I guess the makers of this app are not trusted then and should be removed. How would the average person even know if the developers are "trusted"? How dumb is that?

  2. no reply

    November 15, 2016 at 3:55 pm #

    So has Google removed this from their store? Or just letting it sit there for others to download?

  3. dave

    November 15, 2016 at 9:02 pm #

    Yep, it's still there, just checked
