A quick run-down of known Android trojans' functions
The android-based e-threats found so far are exclusively trojans, masquerading either as legitimate or as pirated versions of popular applications. Only one in particular functions as a trojan downloader and that, only on rooted devices.
Otherwise, these e-threats exhibit lots of variation in their behavior and purpose. Some are designed steal data, so SMS messages get forwarded to certain number, location data, IMEI and IMSI numbers get sent to remote servers and so on.
Others are designed to rack up charges for dubious services on the phone bill, a certain percentage of which goes into the virus writers’ pockets. This is the preferred method in Russia, apparently.
Yet others are designed simply to perpetrate clickfraud – they can be instructed to access certain addresses at certain intervals, such as to appear, for instance, as if the user of the affecteddevice is clicking a banner or a text ad somewhere. Of course, the advertising revenue then finds its way into the crooks’ pockets.
The issue is made rather simple by the fact that Android needs explicit permission to install apps: one needs to inform the users that some apps in particular are e-threats, before they get conned into believing otherwise.
LuminousMoth – PlugX, File Exfiltration and Persistence Revisited
July 21, 2021
How We Tracked a Threat Group Running an Active Cryptojacking Campaign
July 14, 2021
A Note from the Bitdefender Labs Team on Ransomware and Decryptors
May 26, 2021
New Nebulae Backdoor Linked with the NAIKON Group
April 28, 2021
Good riddance, GandCrab! We’re still fixing the mess you left behind.
June 17, 2019