Saturday, 10 August 2013
Security software developer Dr Web has confirmed that several malicious programs were found lurking in the Google Play store. The company then promptly notified Google about the incident. Dr Web said it has discovered malicious programmes on which send short messages to premium numbers and deplete subscriber accounts. The Russia-based firm said about 11,000 to 25,000 devices are infected by these malicious programmes.
The programmes, discovered by Doctor Web's analysts, belong to the Vietnamese developer AppStore Jsc. They are disguised as audio players and a video player that displays adult content. The total number of installations of these three programmes ranges between 11,000 and 25,000," it said. Although, these applications appear harmless, they have an extra apk-file that contains an Android.SmsSend Trojan, Dr Web said.
While running these applications , dubbed Android .MulDrop, Android.MulDrop .1 and Android.MulDrop.2 by Dr Web, they can prompt the user to download the content they need, but their consent initiates the installation of another application rather than the downloading of files, it added. If an unsuspecting user agrees to install the dubious application, the Trojan Android.SmsSend.512 will be promptly installed on the device. It moves on to sending short messages to 8775 – specified in the malware's configuration file. Interestingly, though, the Trojan does allow a user to view adult video clips, possibly to avoid suspicion. The remaining two programs contain Android.SmsSend.513.origin. This malware gets details about short numbers from a command and control server.
