Android is constantly a target for those looking to spread malware, and the latest – discovered by Russian security outfit Doctor Web – is probably one of the more significant to date. Arriving in the form of a trojan, it can aid in the loathed Distributed Denial of Service (DDoS) attacks, while also being able to send spam SMS messages and receive commands from the criminals behind it.
The threat has been identified as “Android.DDoS.1.origin” by Doctor Web, and is said to be infiltrating devices by posing as a legitimate app hub. Once it has made its way onto a user’s device, it operates under the guise of the legitimate Play Store app, and like any good scam, it seems very plausible indeed. In fact, when said app is opened, the normal Play Store loads as one would expect, but instead of unlocking the door to the hundreds of thousands of apps available, this is where the trojan really comes into its own.
Once launched, the trojan begins attempting to connect to its Command and Control, or C&C, server. Once it has successfully linked up, the criminals can get hold of the device’s phone number. Not only can this number then be used for the purpose of spam, but the malware also has the ability to attack a specified server, which is achieved once the criminals send over the address and the port to the compromised device.
In such an attack on a server, also referred to as a DDoS, the site gets a rush of traffic from little packets of data sent in bursts. Although one device alone would not be enough to pummel any given site, replication of this system on a large scale could easily do so.
Should the culprit decide to send the SMS command to the device, the recipient can be subject to a deluge of spam. Not only that, but the old faithful trick of getting a device to send messages to premium lines can also land victims with hefty bills – making the scammers a pocketful of cash in the process.
Doctor Web suggests those behind Android.DDoS.1 have gone above and beyond in preventing its detection, and with its ability to spam, scam and attack, it’s one of the more potent malware strains we’ve stumbled across.
There’s no need to panic; there’s no evidence as yet that this particular malware is in heavy distribution. Nevertheless, proceed with the usual dose of caution in order to avoid any kind of malware, such as only using the official methods of obtaining your apps.