A new Android trojan has been identified in China performing search engine queries in the background and clicking on results that match a predefined list of URLs. According to AVG, which dubbed the trojan "ADRD," this click fraud operation involves a Chinese search engine called Xiaxia.com, which was already being targeted by Symbian S60 malware.
Smartphones infected with ADRD become part of a botnet. They report their IMEI and IMSI identification numbers to the command and control server and are given a list of URLs to target in return.
Researchers from mobile security vendor Lookout warn that the trojan, which they call HongTouTou, is being distributed from alternative Android markets as repackaged apps.
So far, fourteen legitimate applications have been repackaged with the trojan and distributed through alternative means. They include the popular RoboDefense game and a variety of wallpaper apps.
The trojan can also be instructed to download and install an APK package that monitors SMS messages and can even insert particular keywords into them.
Lookout researchers believe the purpose of this package could be spam, but so far they have not seen it used in any of the fourteen separate HongTouTou instances they track.
"While we have seen the HongTouTou Trojan packaged in fourteen separate Android applications [...], it is important to remember that even though these apps are repackaged with the Trojan, the original versions available in the official Google Android Market have not been affected," Lookout explains.
In order to install the repackaged apps, users need to have an option called "sideloading" activated on their phones. This allows installing applications from unknown sources.
The option is not activated by default on most devices, but it is common to enable it in China, where a lot of cheap non-brand Android smartphones are being sold.