Google Play Trojan Infects, Then Attacks
A new Android Trojan that disguises itself as the Google Play store app is being used to send distributed denial-of-service (DDoS) attacks and SMS spam.
Doctor Web, the Russian antivirus software firm that discovered the Trojan, said it was very versatile and could impact infected users and recipients of malicious communications in a variety of ways.
"Upon receipt of such a command, [the Trojan] starts to send data packets at the specified address," Doctor Web wrote on its blog. "If the malicious program is required to send an SMS, the command message will contain the message text and the number to which it should be sent.
"Activities of the Trojan can lower performance of the infected handset and affect the well-being of its owner, as access to the Internet and SMS are chargeable services. Should the device send messages to premium numbers, malicious activities will cost the user even more."
In order to feign legitimacy, the app will take users to the official Google app store when they click on it. Doctor Web noted that it's unclear exactly how users become infected, but believes it relies on tricking users via social engineering in order to spread.
Once users become infected with this particular Trojan, they can see their bill skyrocket if criminals choose to clandestinely send premium text messages, and they can be enlisted into DDoS attacks and spam campaigns.
Android users can protect their phones from a variety of threats by downloading apps only from the official Google Play store and keeping track of which applications are given critical permissions.