Doctor Web reports the active spread of the Trojan Android.Spy.510, which installs an unwanted module that displays advertisements on top of running applications. The malicious applications run on tablets and smartphones running the Android operating system.
Android.Spy.510 is distributed as part of a modified version of the multimedia player AnonyPlayer. The trojanized version of the player is fully functional and has all the features of the original program, so the user has no reason to be suspicious. After it is installed and launched, the application collects sensitive data and sends it to the control server, including the model of the infected smartphone or tablet, SDK version information, whether root access is present, and the user's Google Play account. The Trojan then installs an additional software package that contains the main functionality the attackers need. The user is shown a message proposing to install an application called AnonyService, which supposedly helps keep confidential information from third parties and ensures anonymity. In fact, this program is an advertising module.
After it starts, Adware.AnonyPlayer.1.origin requests access to special features of the operating system and then goes into standby mode. The application begins displaying advertising only a few days after installation. It is noted that this is done to reduce the likelihood that the user will identify the source of the unwanted activity. The program then starts tracking all events occurring in the system and waits for the owner of the smartphone or tablet to launch an application, at which point it starts to display advertising. Adware.AnonyPlayer.1.origin first checks whether the launched program is on a “white list”, in which the cybercriminals have placed applications that, in their opinion, do not contain functions for showing commercial offers. These include the camera application, a calendar, a calculator, the SMS/MMS viewer and a number of other programs. If a match is found in this list, the Trojan takes no further action, since advertising shown after the launch of a “clean” program could alert the user.
If the launched application is not on the “white list”, Adware.AnonyPlayer.1.origin creates a special notification containing a WebView element. It is displayed as a window on top of the starting program and contains the advertising specified by the control server. As a result, the owner of the device may think that the source of the notification is the running application. The authors of the Trojan took care to divert suspicion from their creations: when either Adware.AnonyPlayer.1.origin or the Android.Spy.510 application itself is run, no advertising is displayed.
Doctor Web employees recommend that owners of Android tablets and smartphones install applications only from trusted sources and be extremely attentive and cautious about programs that request access to special features of the operating system (Accessibility Service). If a malicious application gets this access, it can begin to interact with the GUI and intercept information entered by the victim, working as a keylogger. As a result, the program may be able to steal confidential data, including personal correspondence, passwords and search queries.
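A check for the Accessibility Service access discussed above, as an added example (not from Doctor Web or the original article): the shell function below lists enabled accessibility services whose package is not on an allow-list you supply. It assumes the value comes from `adb shell settings get secure enabled_accessibility_services`; the sample value and the `com.example.anonyservice` package name are constructed.

```sh
#!/bin/sh
# Added example: flag enabled accessibility services that are not on an
# allow-list. Package names in SAMPLE are constructed for illustration.

# Usage: unexpected_a11y_services "<settings value>" "<allowed packages>"
#   <settings value>   colon-separated package/ServiceClass entries, as in
#                      the secure setting enabled_accessibility_services
#   <allowed packages> space-separated package names you expect to see
unexpected_a11y_services() {
    # adb output can carry a trailing carriage return; drop it.
    enabled=$(printf '%s' "$1" | tr -d '\r')
    allowed=$2
    # Empty or "null" means no accessibility service is enabled.
    case $enabled in ''|null) return 0 ;; esac
    old_ifs=$IFS
    IFS=:
    for entry in $enabled; do
        IFS=$old_ifs
        pkg=${entry%%/*}              # package part before the slash
        [ -n "$pkg" ] || continue
        case " $allowed " in
            *" $pkg "*) ;;            # expected service, nothing to report
            *) printf '%s\n' "$entry" ;;
        esac
    done
    IFS=$old_ifs
}

# Constructed sample: a screen reader plus one unknown overlay service.
SAMPLE='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.anonyservice/com.example.anonyservice.OverlayService'
ALLOWED='com.google.android.marvin.talkback'

unexpected_a11y_services "$SAMPLE" "$ALLOWED"
# On a connected device the first argument would instead be:
#   "$(adb shell settings get secure enabled_accessibility_services)"
```

Any entry the function prints is a service holding accessibility access that you did not expect, and the owning package is the part before the slash.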
It is noted that entries for neutralizing the Trojan application Android.Spy.510, as well as the advertising program Adware.AnonyPlayer.1.origin that it installs, have been added to the Dr.Web virus database, so they pose no danger to users of the antivirus.