Trojan Gets into Android Groove

A fake LiveCD allegedly delivering the Android OS that runs on x86 Windows platforms turns out to be a Trojan.

From my experience, a good first line for this article would be: “This piece of malware only affects Windows platforms, even though it is (somehow) related to another OS”.

And now, here is the entire story:

These days, I was looking for information regarding the Android OS. I guess we all are aware of Google Android OS-based mobile phones. If not, here are just a few facts about it:

In essence, Google Android is a Linux kernel-based Operating System for mobile phones. The statistics published on different Android-related sites and mobile advertising networks reflect its success:

  • About 60,000 Android phones are sold daily and about 22,000,000 a year
  • Android Market delivers over 30,000 Android Apps
  • About 60% of Android Apps are free
  • 167 Apps have been downloaded between 667,000 and 2.9 Million times
  • The average paid Android app is priced at $3.27
  • The U.S. accounts for 65% of Android devices

Android-powered Netbooks have recently appeared on the market, meaning that Android OS can now be installed on Netbooks and, of course, on normal PCs. A quick search on the Internet for “Android on PC” and, here it is: a long list of sites offering the possibility to test the new OS on x86 Windows platforms.



Figure 1. Results for “Android on PC” Internet search

I will not go now into detail about how many sites were legitimate and how many linked to rogues. This is another story, an ancient tale, which goes like this: “false antivirus programs are a hot topic’s most fervent followers”.

We’ll spin some other yarn this time, one that’s so simple and ingenious it actually brings Oscar tears to our eyes. An apparently unsuspicious link in the returned list of results, one click, and the user is redirected to a look-alike of the LiveAndroid page, which, instead of the promised OS for PCs, delivers a Trojan.




Figure 2. Trojan instead of Android OS

Identified by BitDefender as Trojan.Generic.KD.13718, this piece of malware contains malicious or potentially unwanted software which it drops and installs on the system. Frequently, it installs a backdoor which allows remote, clandestine access to the infected system. This backdoor may then be used by cybercriminals to upload and install additional malicious or potentially unwanted software on the captured system.

A closer look at the fallacious site and at the downloaded file reveals several differences, the most important being that the downloaded file should be an .iso image, not a file with an .exe extension. The sites may look the same, but a few minor details set the bogus one apart from the genuine one (as indicated in the screenshots below):

Figure 3. Original Live Android site vs. Fake Live Android site
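
The .iso versus .exe difference described above can be checked from the file's content rather than from its name. The following is an added example, not part of the original article; the function names and the sample files are constructed for illustration.

```python
import struct
import tempfile
from pathlib import Path

ISO_MAGIC_OFFSET = 16 * 2048 + 1  # ISO 9660: "CD001" starts 1 byte into sector 16

def sniff(path):
    """Return 'pe', 'iso9660' or 'unknown' from file content, ignoring the name."""
    with open(path, "rb") as f:
        head = f.read(64)
        # PE test runs first, so a file that is both PE and ISO-like counts as PE.
        # A PE starts with "MZ" and its e_lfanew field (0x3C) points at "PE\0\0".
        if len(head) == 64 and head[:2] == b"MZ":
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            f.seek(e_lfanew)
            if f.read(4) == b"PE\0\0":
                return "pe"
        f.seek(ISO_MAGIC_OFFSET)
        if f.read(5) == b"CD001":
            return "iso9660"
    return "unknown"

def verify_iso_download(path):
    """Accept a download only if its extension and its content both say ISO."""
    kind, ext = sniff(path), Path(path).suffix.lower()
    if kind == "pe":
        return False, f"Windows executable (extension {ext!r}), not a disc image"
    if kind != "iso9660":
        return False, "no ISO 9660 volume descriptor found"
    if ext != ".iso":
        return False, f"ISO content but unexpected extension {ext!r}"
    return True, "ISO 9660 image"

def build_samples(directory):
    """Write constructed sample files (minimal headers only, not real downloads)."""
    pe = bytearray(b"MZ" + bytes(0x82))
    struct.pack_into("<I", pe, 0x3C, 0x80)
    pe[0x80:0x84] = b"PE\0\0"
    iso = bytearray(17 * 2048)
    iso[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + 5] = b"CD001"
    samples = {"liveandroid.exe": pe, "liveandroid.iso": iso, "renamed.iso": pe}
    paths = [Path(directory) / name for name in samples]
    for p in paths:
        p.write_bytes(samples[p.name])
    return paths

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for p in build_samples(tmp):
            print(p.name, verify_iso_download(p))
```

A file that passes is only shown to be a disc image, not a genuine one, so the check complements downloading from the producer's own site rather than replacing it.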


The moral of this story:

If you want to test software, make sure you download it from the producer’s official website. And also, don’t forget to install and update a complete antimalware software solution on your system.

About the author

Sabina DATCU

Sabina Datcu, PhD, has background training in Applied Informatics and Statistics, Biology and Foreign Languages and Literatures. In 2003 she obtained a master's degree in Systems Ecology and in 2009 a PhD degree in Applied Informatics and Statistics.
Since 2001, she has been involved in the University of Bucharest's FP5 and FP6 European projects, as a researcher in the Information and Knowledge Management field.

In 2009, she joined the E-Threat Analysis and Communication Team at BitDefender as technology writer and researcher, and started to write a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases.