ESET security researchers have discovered a new and dangerous application (Trojan) that targets Android devices by downloading and installing malicious software. The trojan, which was detected by ESET's security software as Android / TrojanDownloader.Agent.JI, spreads through broken websites and appears as an update to Flash Player.
This is one of the threats to Android that will be presented by ESET in Mobile World Congress.
Once installed, the malware creates a fake service on Android to save its power battery prompting the victim to give her access to Android Accessibility features. If the user gives permission to the features "Monitor your actions», who are "Retrieve window content» and "Turn on Explore by touch» the attacker can imitate the actions of the user by displaying what he wants on the screen.
« In cases we investigated, this trojan was created to download another trojan which was designed to earmark money from bank accounts. However, only a small change to the code would mean the infection with the user spyware ή ransomware» warns ESA's Malware Researcher Lukáš Štefanko, head of analysis.
The main indication that a device is infected with malware is the presence of the "Saving Battery" option among services in the Accessibility menu. In such a case, the user should either use a reliable mobile security app like ESET Mobile Security & Antivirus to remove the threat, or uninstall the app by going to Settings -> Application Manager -> Flash-Player.
In case the user has been deceived by granting the device management rights to the application, it is necessary to disable the administrator rights first, by going to Settings -> Security -> Flash-Player.
"Unfortunately, uninstall it downloader it does not remove the malicious applications it may have already installed. As is the case with downloader, the best way to clean the device is to use a mobile security solution » recommends Lukáš Štefanko.
ESET specialists have prepared a number of basic tips for preventing malware attacking mobile phones:
- Download applications or updates only from a trusted source - in the case of an Adobe Flash Player update, the only secure part is the official Adobe site. Always check the URL in your browser
- Pay attention to the access and rights that your applications require.
- Use a reliable Mobile Security solution.
Those interested can find more information in relation to dangerous downloader or for preventative technology from ESET. ESET specialists will be at this year's Mobile World Congress offering information on mobile security.
