The company “Doctor Web announced the discovery of a dangerous Trojan for Android, which is used to earn money on costly subscriptions and to spread other malicious applications.
Trojan called Android.Valeriy.1.origin of developers have built into harmless. It is distributed through six apps available in Google Play: Battery Booster; Power Booster; Blue Color Puzzle; Blue And White; Battery Checker; Hard Jump — Reborn 3D.
All of them are games and utilities first, and to date a total of the catalog to be loaded, according to the company, more than 15, 500 users. At the same time managing the server is a Trojan, which gained access to the specialists of “Doctor Web” contains information on more than 55 000 unique installations. The virus analysts of the company delivered to Google information about the programs that hides Android.Valeriy.1.the origin, however, at the time the release notes were still present in the directory.
After you run infected games and apps malicious module connects with the control server to receive a job containing a specially formed link. Trojan horse automatically goes on the link that leads to the staging web site, and that, depending on various parameters, reports a malicious application from the final URL. In most cases, this URL leads to a dubious web portals, whose main task is to obtain the mobile phone number of potential victims and sign them up for the service, for which a daily fee will be charged.
Among advertised by the Trojan of the services may occur, for example, offer to look at the materials of erotic character and also to download the popular software that is actually free and available for download in the Google Play. Despite the fact that the information about the subscription and its cost is indicated on the download page, many users can simply ignore and enter your phone number.
Android.Valeriy.1.origin automatically opens in the WebView window one of these sites and displays it on the screen in the form of an advertising banner. At the same time getting the required job Android.Valeriy.1.origin begins to monitor all the incoming SMS. After the victim indicates the number of the phone, it enters the code to confirm your subscription to the paid service. However, Android.Valeriy.1.origin intercepts and blocks these messages, thus depriving the user of information that he agreed with the terms of the provision of costly services. The mobile accounts of victims every day will be charged a certain fee.