Security researchers from the Russian company Doctor Web have discovered an interesting Trojan downloader. The threat, named Android.MulDrop.18.origin, is designed to download malicious applications onto infected devices.
According to experts, when MulDrop is run on a device it uses a special library to decrypt its components, which include two files. The files are detected as Android.DownLoader.57.origin and Android.DownLoader.60.origin.
Once activated, these files start communicating with remote servers, from which they receive the list of applications they need to install. The command and control server can be configured to deliver files at certain intervals.
Among the malicious files downloaded by the malware, researchers identified SMS Trojans as well as spyware, such as Android.SmsSend and Android.Backdoor.
Doctor Web researchers have reported that applications downloaded by the Trojan are not installed automatically. Users must confirm the installation. However, experts underline the fact that most users do not pay much attention to what application installers display.
A second variant of Android.MulDrop.18.origin examined by Doctor Web contained Trojan downloaders in unencrypted form. This malware is similar to the previous one, but uses different mechanisms to communicate with the command and control server.