Hence, the Antivirus company “Dr. Web” has published another interpretation of the Trojan applications available on Google Play Store. The malware is distributed under the guise of simple games and service applications and is defined as the “Android.Valeriy.1.origin” by the Antivirus company “Dr. Web”. However, this Trojan is intended to distribute malware as we mentioned earlier, which were used by the attackers to attract users to subscribe several chargeable services, for making money on victims. Currently, the following applications on the Google Play Store are from the developers “ZvonkoMedia LLC, Danil Prokhorov and Horshaom” were infected by the Trojan:- According to the store statistics, these applications are installed on 15 thousand units. Once it installed on the system, the malware connects to a C&C server and receives a link to a malicious site. The main goal of the Trojan is to know the victim phone number and sign the user on paid services. Hence, the Trojan can also download and install a variety of applications derived from the C & C JavaScript-script using the WebView server.
As we mentioned earlier that these applications have been downloaded more than 15,500 users. Furthermore, the Antivirus company “Dr. Web” researchers recorded that over 55,000 downloads of these applications were done after they gained access to the Trojan’s C&C server. Moreover, the Antivirus company “Dr. Web” stated that “Our specialists and security experts have already informed the tech giant Google about this occurrence”.
Δ