Security researchers from the Russian company Doctor Web have discovered an interesting variant of a Trojan downloader. The threat, named Android.MulDrop.18.origin, is designed to download malicious applications onto infected devices.
According to the experts, when MulDrop runs on a device, it uses a special library to decrypt its components, which include two archives. The files are detected as Android.DownLoader.57.origin and Android.DownLoader.60.origin.
Once activated, these files start communicating with remote servers, from which they receive the list of applications to install. The command and control server can be set up to supply these records at certain time intervals.
Among the malicious files downloaded by the malware, researchers identified SMS Trojans as well as spyware, such as Android.SmsSend and Android.Backdoor.
Doctor Web researchers have reported that applications downloaded by the Trojan are not installed automatically. Users must confirm the installation. However, the experts underline the fact that most users do not pay much attention to what application installers say.
A second variant of Android.MulDrop.18.origin tested by Doctor Web contained the Trojan downloaders in unencrypted form. This malware is similar to the previous one, but uses different mechanisms to communicate with the command and control server.