Virus analysts at “Doctor Web” have found dozens of gaming applications in the official Google Play store that conceal a Trojan. The main purpose of the malware, Android.Xiny.19.origin, is to download, install, and run programs at the attackers' command. In addition, the Trojan is capable of displaying advertisements, “Doctor Web” reports.
The virus writers have built this Trojan into more than 60 games, which were then placed in the Google Play catalog on behalf of more than 30 developers, in particular Conexagon Studio, Fun Color Games, BILLAPPS and many others. “Doctor Web” has already notified Google about this incident, but at the time the company published this material the infected games were still available on Google Play. Downloading games from the catalog in the next few hours is not recommended on devices that are not protected by antivirus software.
At first glance, the identified programs are not much different from many other similar apps: although their quality is mediocre, after launch they still provide owners of Android smartphones and tablets with the promised functionality. However, if users knew in advance about the Trojans hidden in them, they would be unlikely to agree to install the software. The fact is that Android.Xiny.19.origin sends to its server the IMEI and MAC address of the infected device, the OS version and current language, the name of the mobile operator, whether a memory card is available, the name of the application in which the Trojan is embedded, and whether that application is located in the system directory.
However, the main danger of Android.Xiny.19.origin is that it can download and dynamically run arbitrary apk files. This function of the Trojan is implemented in a very interesting way. To mask the malicious object, the virus writers hide it in a specially crafted image, in effect using steganography. Unlike cryptography, where the original information is encrypted and the mere fact of encryption may arouse suspicion, steganography allows information to be hidden inconspicuously. Apparently, the resourceful virus writers decided to make life difficult for virus analysts in this way, expecting that they would pay no attention to seemingly innocuous pictures.
After receiving the desired image from the control server, Android.Xiny.19.origin uses a special algorithm to extract the hidden apk file, which it then runs.
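A defender-side triage check for downloaded images, as an added example that is not code from “Doctor Web” or from the Trojan. The page does not describe the hiding algorithm, so this assumes only the simplest case, a PNG file that carries an intact ZIP archive with APK-style members; the function names and the sample data are constructed for illustration.

```python
import io
import struct
import zipfile
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

def png_end_offset(data):
    """Offset just past the IEND chunk, or None if the PNG chunk chain is broken."""
    if not data.startswith(PNG_MAGIC):
        return None
    pos = len(PNG_MAGIC)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length  # length field + type + body + CRC
        if ctype == b"IEND" and pos <= len(data):
            return pos
    return None

def triage_image(data):
    """Report bytes after IEND and any APK-like ZIP archive readable from the file."""
    end = png_end_offset(data)
    report = {"is_png": end is not None, "trailing_bytes": len(data) - end if end else 0,
              "zip_members": [], "apk_like": False}
    try:
        # zipfile locates an archive from its end record, so leading image bytes are tolerated
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = report["zip_members"] = zf.namelist()
            report["apk_like"] = ("AndroidManifest.xml" in names
                                  and any(n.endswith(".dex") for n in names))
    except zipfile.BadZipFile:
        pass  # no archive in the file
    return report

def _chunk(ctype, body):
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def sample_png():
    """Constructed 1x1 grayscale PNG (test input, not a real sample)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    chunks = [(b"IHDR", ihdr), (b"IDAT", zlib.compress(b"\x00\x00")), (b"IEND", b"")]
    return PNG_MAGIC + b"".join(_chunk(t, b) for t, b in chunks)

def sample_archive():
    """Constructed ZIP with APK-style member names and placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"placeholder")
        zf.writestr("classes.dex", b"placeholder")
    return buf.getvalue()
```

A payload spread across pixel values or transformed before embedding will not be flagged by this check; it only catches an archive stored whole inside the image file.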
Android.Xiny.19.origin has other malicious functionality as well. In particular, the Trojan can download various applications and prompt the owner of the infected device to install them, and, if root access is available, can even install and uninstall apps without the user’s knowledge. In addition, this malicious program is capable of showing all sorts of ads.
Experts urge owners of Android mobile devices not to install dubious software, even if it is in the official catalogue. All applications that contain the Android.Xiny.19.origin Trojan are detected and neutralized by Dr. Web antivirus products for Android.