For the time being, it’s uncertain how the Trojan is distributed, but experts believe the cybercriminals might be disguising it as a legitimate Android application.
Once it’s installed on a smartphone, the malware creates a fake Google Play icon on the desktop. When executed, this shortcut opens the real Google Play in order to avoid raising any suspicion.
After being executed, the Trojan connects to a remote server, sends it the victim’s phone number, and waits for further SMS commands.
The masterminds of Android.DDoS.1.origin can send various SMS commands. One of them orders the infected device to start sending out packets to a certain server, basically launching a DDOS attack against it.
While this only affects the phone’s performance, there are other activities that can be done by this threat. For instance, the cybercriminals can order the device to start sending out SMS messages to certain numbers.
These SMSs can be used to sign up the victim for premium mobile services or they can be utilized to send out spam.
Messages can also be sent to premium rate numbers, inflating the victim’s phone bill and implicitly filling the fraudsters’ pockets.
“Activities of the Trojan can lower performance of the infected handset and affect the well-being of its owner, as access to the Internet and SMS are chargeable services. Should the device send messages to premium numbers, malicious activities will cost the user even more,” experts noted.
Doctor Web has updated its products to ensure that its customers are protected against this threat.
Post a Comment