We all have a mobile in our hands and there is an 80% chance it would turn out to be an android. Being an open source android is most vulnerable to attacks. Recently 130 malicious applications were uploaded on the Google Play Store. Play store is the marketplace for Android from where applications can be downloaded and installed on an Android OS.

These malicious applications are an exact replica of genuine android applications except that these are infected by Trojan virus and milks money from the users in illegal and unauthorized ways.  To be precise there are two variations of Trojans in this case. These Trojans show annoying ads and malicious web pages to users who have paid for the services.

Also, it posed as the official programs of bookmaker companies, including “Olymp”, “Most bet”, “Fonbet”, “Liga stavok”, “1xBet, “Winline”, and others.

The Trojan Attack

The Trojan virus which targeted the android applications has was of two types:-

First one name as Android.Click.265.origin that used to download the mobile version of “Eldorado” online store on its window but during the running time it performed several malicious functions.

Once it installed on to the victims mobile then it shows various annoying ads which open a portal which asks users to access the paid mobile services. Also it automatically clicked the subscription confirmation button on the opened webpage. The Trojan also loaded some premium content from top rated paid websites on to the mobiles of the victims. This was done by the parameters of the C&C servers  depending on the traffic distribution system (TDS). So each time the victim visited a website he/she was charged with services of increasing price.

Another Trojan in the same list was being used for fraudulent premium services subscription. The subscription charges were paid by the victim.

The working procedure of this Trojan was as follows. It actually opened one of the phishing sites where a user was invited to collect a reward or join a program from any of the trusted and reputed sites. The phishing site then asked to enter the code sent to their mobile. This code was actually the activation code for the premium services. If an infected device uses a mobile network to connect to the Internet, an Android device owner is subscribed to a premium service automatically after the phone number has been entered on the fraudulent website. Once the malicious program launched, it connected to C&C server which downloads a website also the Trojans request a malicious online portals links that leads to download other malicious programs.

How To Be Safe From Malicious Android Software

There are number of ways to be safe from malicious software present in the android market.

• Download software from android marketplace only.
• Never allow installation of software from suspicious developers.
• Always keep your system updated.
• Use a malware and virus scanner for your android device.
• Don’t download any application without checking its publication date, latest version and reviews.

These are some of the tips you should follow to keep your system free from any kind of virus or malware. But the threats are always looming around android so you must always try to keep your device as much secure as possible.

To know more about mobile security join Krademy.