Virus analysts at Doctor Web have found dozens of game applications in the Google Play catalog that hide the Trojan Android.Xiny.19.origin. The main purpose of this malware is to download, install and run programs on command from the attackers. In addition, the Trojan is able to display advertising, Doctor Web told CNews.
Virus writers have built this Trojan into more than 60 games, which were then placed in the Google Play catalog on behalf of more than 30 developers, in particular Conexagon Studio, Fun Color Games, BILLAPPS and many others. Doctor Web has already notified Google Inc. of the incident, but as of the publication date of this material the infected games still remain in Google Play. The company advises against downloading games from the catalog in the coming hours on devices that are not protected by an antivirus.
At first glance, the identified programs are not much different from many other similar applications: although their quality is quite mediocre, once started they all provide owners of Android smartphones and tablets with the claimed functionality. However, if people knew in advance about the Trojan hidden in them, they would be unlikely to agree to install the software.
Android.Xiny.19.origin sends the server the IMEI identifier and MAC address of the infected device, the current version and language of the operating system, the name of the mobile operator, whether a memory card is available, the name of the application in which the Trojan is embedded, and whether that application is located in the system directory.
However, the main danger of Android.Xiny.19.origin is that, on command from the attackers, it can dynamically download and run arbitrary apk files. The Trojan implements this feature in a very interesting way. To mask the malicious object, the virus writers hide it in specially created images, in effect using steganography. Unlike cryptography, where the original information is encrypted and the mere fact of encryption can arouse suspicion, steganography hides the data without drawing attention to it. Apparently, the resourceful virus writers decided to make life difficult for virus analysts in this way, expecting that they would not pay attention to seemingly harmless pictures, Doctor Web noted.
After receiving the required image from the command and control server, Android.Xiny.19.origin uses a special algorithm to extract the hidden apk file from it, which is then launched for execution.
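The following triage check is an added example, not code from Doctor Web or from the Trojan. The article does not describe the embedding algorithm, so the check assumes only container-level hiding in a PNG (data appended after the image, extra chunks, embedded ZIP signatures, since an apk is a ZIP archive); payloads encoded in pixel values are outside what it detects. All function names and the sample image are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
ZIP_MAGIC = b"PK\x03\x04"  # ZIP local file header; an APK is a ZIP archive
STANDARD = {b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"gAMA", b"cHRM",
            b"sRGB", b"iCCP", b"tEXt", b"zTXt", b"iTXt", b"bKGD", b"pHYs",
            b"sBIT", b"sPLT", b"hIST", b"tIME"}

def make_chunk(ctype, body=b""):
    """Build one PNG chunk: length, type, body, CRC over type+body."""
    return (struct.pack(">I", len(body)) + ctype + body
            + struct.pack(">I", zlib.crc32(ctype + body)))

def sample_png():
    """Constructed 1x1 grayscale PNG used as the clean baseline."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    return (PNG_SIG + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"IDAT", zlib.compress(b"\x00\x00"))
            + make_chunk(b"IEND"))

def triage_png(data):
    """Return structural findings that make an image worth unpacking."""
    if not data.startswith(PNG_SIG):
        return ["not a PNG"]
    findings, pos = [], len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            return findings + ["truncated chunk %r" % ctype]
        body = data[pos + 8:end - 4]
        if zlib.crc32(ctype + body) != struct.unpack(">I", data[end - 4:end])[0]:
            findings.append("bad CRC in %r" % ctype)
        if ctype not in STANDARD:
            findings.append("non-standard chunk %r (%d bytes)" % (ctype, length))
        if ctype != b"IDAT" and ZIP_MAGIC in body:  # IDAT is compressed noise
            findings.append("ZIP signature inside %r" % ctype)
        pos = end
        if ctype == b"IEND":
            break
    else:
        findings.append("no IEND chunk")
    if pos < len(data):
        tail = data[pos:]
        kind = "ZIP archive" if ZIP_MAGIC in tail else "unknown data"
        findings.append("%d trailing bytes after image (%s)" % (len(tail), kind))
    return findings
```

An empty result means only that the container is structurally clean; an image that an application downloads and then reads as raw bytes still deserves inspection of the code that consumes it.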
Android.Xiny.19.origin has other malicious functions. In particular, the Trojan can download various software and prompt the owner of the infected device to install it, and if root access is available on the system, it can install and remove applications without the user's knowledge. In addition, the malware is able to display all sorts of advertising.
Currently, Android.Xiny.19.origin has no functionality for obtaining root privileges. However, given that one of its main purposes is to install software, nothing prevents cybercriminals from commanding it to download a set of exploits so that the malware obtains the necessary rights and begins to install and uninstall programs silently.
Doctor Web specialists urge owners of Android mobile devices not to install questionable software, even if it is in the official Google Play catalog. All applications that contain the Trojan Android.Xiny.19.origin are detected and neutralized by Dr.Web software for Android, the company said.