The second home for Malware is said to Android. Android is one of the unluckiest OS that has been affected by every Malware and Virus from the beginning. Few days back we told you about a Spyware App that was spotted in the iOS App Store and Google Play Market with the name of Find and Call, later on was deleted from both of the stores. Following the old tradition, Symantec found a new kind of Malware in the Google Play Market. This Android.Dropdialer Malware was operating in a different way. The Malware was disguised with the name of the two famous Apps that a user couldn’t resist to download without asking why.
The name of the two famous Apps were, “Mario Brother” and “GTA 3: Moscow City”. These two suspicious Apps contained Android.Dropdialer hidden in them and these Apps were available since 24 June 2012. Since then they have generated about 50,000 to 100,000 downloads. This means that almost about 50,000 to 100,000 devices got affected with this Malware. The reason this Malware stayed so long in the Play Store is told to be the remote playload engaged by this Trojan.
How this Playload Works?
This playload worked with an interesting technique that was previously explained by an Employee of Symantec, Irfan Asrar stating that the owner of the Trojan would by pass the detection of this Malware by uploading the playload somewhere and making it work with the help of Q&A screen method. When you downloaded the Malware App, it would have asked you for the permission to download an additional App called Activator. Once the App Activator was downloaded and opened, the playload was injected. Once installed, the App sends an international SMS to a premium number. After that, the App says to uninstall it. Here comes the time when the second playload is injected.
Once everything is done, your data is in danger.
Thankfully, the Apps have been removed from the Play Market. Still the rising number of Malware Attacks in Play Market raises some questions against the Google’s App Approval Team. How can they approve such Apps in the Play Store?