The dangerous Android Trojan is still active, targeting Chinese users

Apr 12, 2012 12:41 GMT  ·  By

Experts have found that the main command and control (C&C) server that was used by cybercriminals to host the piece of malware known as GoldDream is still active.

Back in July 2011, malware analysts studied the Android Trojan that was designed to send SMS messages, place phone calls, install applications and even upload files to a server.

Now, GoldDream is targeting Chinese user, hiding on a phony Android market which serves apps that carry the malicious element, Websense reports.

The shady app site is made to look legitimate, even displaying a fake digital certificate. However, out of the 23 programs hosted on it, 18 were found to contain the Trojan, which apparently hasn’t changed its functionality too much.

Especially worrying is the fact that only Websense ThreatSeeker is flagging the website as being malicious. That is why, in many cases, users should rely on common sense to protect their Android devices against GoldDream and other dangerous malware.

Note. My Twitter account has been erroneously suspended. While this is sorted out, you can contact me via my author profile or follow me at @EduardKovacs1