Android Trojan Responsible for China’s Largest Botnet Is Based on Backscript Malware

Symantec has found the malicious element hidden in more than 11,000 apps

January 24th, 2013 15:55 GMT

Earlier this month, we learned that a piece of malware called Android.Troj.mdk (MDK) was responsible for the largest mobile botnet China had ever seen, with over 1 million devices being infected. Experts from Symantec say that MDK is actually a new version of an older threat, Android.Backscript.

Researchers have found that the code of the two threats is very similar and that both use the same certificate to sign APKs.

The main difference is that the new variant uses the Advanced Encryption Standard (AES) to encrypt data.

After it’s installed onto a smartphone, the Trojan collects user information, downloads additional malware, and generates adware. In addition, it allows its master to remotely control the infected device.

Initial reports revealed that the Trojan was hidden in around 7,000 Android apps. However, Symantec says it has been able to identify over 11,000 malicious applications.

For the time being, the malware has been served only on Chinese app markets.
