Trojan Gets into Android Groove

From my experience, a good first line for this article would be: “This piece of malware only affects Windows platforms, even though it is (somehow) related to another OS”.

And now, here is the entire story:

These days, I was looking for information regarding the Android OS. I guess we all are aware of Google Android OS- based mobile phones. If not, here are just a few facts about it:

In essence, Google Android is a Linux kernel-based Operating System for mobile phones. The statistics published on different Android-related sitesand mobile advertising networks reflect its success:

• About 60,000 Android phones are sold daily and about 22,000,000 a year
• Android Market delivers over 30,000 Android Apps
• About 60% of Android Apps are free
• 167 Apps have been downloaded between between 667,000 and 2.9 Million times.
• The average paid Android app is priced at $3.27
• The U.S. account for 65% of Android devices

Android-powered Netbooks have recently appeared on the market, meaning that Android OS can now be installed on Netbooks and, of course, on normal PCs. A quick search on the Internet for “Android on PC” and, here it is: a long list of sites offering the possibility to test the new OS on x86 Windows platforms.

 

Figure 1. Results for “Andoid on PC” Internet search

I will not go now into detail about how many sites were legitimate and how many linked to rogues. This is another story, an ancient tale, which goes like this: “false antivirus programs are a hot topic`s most fervent followers”.

We`ll spin some other yarn this time, one that`s so simple and ingenious it actually brings Oscar tears to our eyes. An apparently unsuspicious link in the returned list of results, one click, and the user is redirected to a look-alike of the LiveAndroidpage, which, instead of the promised OS for PCs, delivers a Trojan.

 

 

Figure 2. Trojan instead Android OS

Identified by BitDefender as Trojan.Generic.KD.13718, this piece of malware contains malicious or potentially unwanted software which it drops and installs on the system. Frequently, it installs a backdoor which allows remote, clandestine access to the infected system. This backdoor may then be used by cybercriminals to upload and install additional malicious or potentially unwanted software on the captured system.

A closer look at the fallacious site and at the downloaded file reveals several differences, the most important of which being that the downloaded file should have an .iso image, not an .exe extension. The sites may look the same, but there are a few minor details that will set the bogus apart from the genuine one (as indicated in the screenshots below):

Figure 3. Original Live Android site vs. Fake Live Android site

 

The moral of this story:

If you want to test software, make sure you download it from the official producer`s website. And also, don`t forget to install and update a complete antimalware software solutionon your system.