Fake Android App Carries Trojan, Can Launch DDoS Attacks From Infected Device

By Alexandra Burlacu email: a.burlacu@mobilenapps.com | Dec 30, 2012 11:27 AM EST

Share This Story

  • Print
  • Email

Researchers have found a new Trojan app in the Google Play store that can launch Distributed Denial of Service (DDoS) attacks from the infected device.

The malware can also receive commands from criminals, as well as send text messages from the infected device for spamming purposes.

Follow us

Russian security firm Doctor Web has detected the threat as "Android.DDoS.1.origin," and said it likely spreads via social engineering tricks. According to the firm, the malicious app disguises itself as a legitimate app from Google.

Once the app is installed on an Android device, it creates an icon that resembles the one for Google Play. To further conceal suspicious activity, tapping this icon will even launch Google Play.

Once the app is launched, however, the Trojan immediately tries to make a connection with its Command and Control (C&C) server. If it manages to connect successfully, it sends the victim's phone number to the criminals and then awaits instructions sent by text message.

The malware has two main functions: start a DDoS attack on a specified server (criminals send over the server's address and the port), and send a text message (criminals send over the text message and the number to which it should be sent).

When it receives a DDoS attack command, the malware starts sending data packets to the specified address. While one affected mobile user would not be able to hurt a site singlehandedly, if the malware hits enough Android devices and target a Web site at the same time, they could potentially take it down.

Meanwhile, when the malware receives a command to send an SMS, it immediately spams the recipient. The infected device can incur unexpected charges for accessing the Internet and sending text messages, and it can also work at a significantly reduced performance.

According to Doctor Web, the origin of the Android.DDoS.1 code is greatly obfuscated, meaning the criminals behind the malware went to great lengths to hide the app's true function. Considering that the app can be used for attacking Web sites, spamming products, or drawing revenues by sending large amounts of text messages to premium numbers, hiding the app's true function makes sense.

It is also worth noting that there are no signs yet that indicate this threat is spreading at a rapid pace or that it is being rapidly distributed. On the other hand, an Android app used as a DDoS attack tool poses significant risks. Therefore, Android users should be very careful when downloading apps to their devices, and use only legitimate apps from trusted sources on Google Play.

Get the Most Popular Mobile&Apps Stories in a Weekly Newsletter

© 2013 Mobile & Apps All rights reserved. Do not reproduce without permission.

Featured Video : Ericsson Announces World-Leading Launches Ahead of Mobile World Congress 2014

Join Our Conversation

AT&T GoPhoneAT&T GoPhone customers get more data, new Wi-Fi hotspot option at no additional cost
iPhone 5S sale: $99.99 on-contract with AT&T, Verizon, or Sprint from Radio Shack
Siri ‘GoogolPlex’ hack adds lots of great new functionality – Here’s how and what you can do
Sony Xperia Z2 Compact leaked images reveal promising details
Tablet / Laptop / PC
Dell Venue 7 and Venue 8Dell unveils Venue 7 and Venue 8 Android 4.3 Jelly Bean tablets
Retina iPad Mini facing delays, may not launch until early next year
Refurbished 128GB iPad with Retina Display now available on the Apple Online Store
Samsung Galaxy Note 10.1 – 2014 Edition: Pricing and availability now official
Amazon LogoAmazon reportedly to launch ‘Firetube’ set-top box before 2013 holidays
Samsung Galaxy Note 3 and Galaxy Gear India launch: Pricing and availability
Samsung Galaxy Gear Android smartwatch now up for pre-order in Canada
Samsung Galaxy Gear 2 reportedly in the works already, may debut at CES or MWC 2014
OS / Software
HTC LogoHTC reportedly considering Android/Windows Phone dual-booting smartphone as Microsoft pushes for deeper Windows mobile integration
iOS 7 Chrome Incognito mode leaks private searches due to bug
Sprint HTC One Android 4.3 Jelly Bean already rolling out, AT&T, T-Mobile & Verizon to follow
Microsoft Windows 8.1 now available for pre-order
Internet / Social Media
Google DowntimeGoogle blacks out for two minutes, causes 40 percent drop in world’s Internet traffic
Xbox Music web player is live and ready for Xbox Music Pass subscribers
Facebook Android app collected phone numbers even if users never logged in
Firefox 22 brings support for web video calls, 3D gaming, and Unreal Engine 3
What's App
Chrome Remote Desktop app for AndroidChrome Remote Desktop for Android now available for free from Google Play
Adobe Lightroom mobile hits the iPad, coming soon to iPhones
Apple updates Mac iWork for iCloud suite – What’s new in Pages, Numbers and Keynote?
Microsoft launches Office for iPad, makes Office Mobile free on Android and iPhones
Copyright © 2014 Mobile & Apps All rights reserved. mobilenapps