A new version of a Trojan from the Android.Spy family is currently present in 155 Android apps distributed through the Google Play Store. Once the Trojan infects a device, it collects private information about it and starts showing annoying ads. The ads can appear on top of the phone’s home screen, in other applications or even inside the OS notification area.
Security researchers at Dr.Web discovered this new version of the Android Spy Trojan. They have also identified the names of all apps that are potential sources of infection. According to their report, over 2.8 million users have already downloaded one of the compromised applications. Even though the experts have informed Google about the threat, it seems that many of the apps have not yet been removed from the store.
In this article you can find the list of the names of all compromised apps so that you can stay away from them.
Distribution of Android.Spy.305
Android.Spy.305 is delivered via an advertising Software Development Kit (SDK) platform. The purpose of this platform is to generate earnings from application downloads. It is built into a variety of applications distributed via Google Play and other app stores. The sharp increase in mobile malware attacks should alert all Android users to be very careful when downloading applications from app stores. Google Play Store is no exception, even though it has been considered reliable.
Commonly used kinds of software such as photo editors, utilities, live wallpapers, image catalogs and radio apps are among the malicious apps that distribute the Android.Spy.305 Trojan. Currently, the number of risky apps stands at 155. The security researchers have registered over 2.8 million downloads. There is evidence of at least seven developers that have implemented the fraudulent practice. Android.Spy.305 is embedded into apps of Fatty Studio, Doril Radio.FM, Gig Mobile, Sigourney Studio, MaxMitek Inc, Finch Peach Mobile Apps, TrueApp Lab, and Mothrr Mobile Apps.
Dr.Web specialists have found Android.Spy.305 in the following apps:
The Malicious Impact of Android.Spy.305 Trojan
It seems that once the malicious app is launched on your device, Android.Spy.305 connects to its command and control (C&C) server and sends a request. Then another module that contains the malicious payload of the threat is downloaded. When Android.Spy.305 is executed, it starts to collect the following information about the user’s device:
- Screen resolution
- Email address connected to the Google user account
- List of installed applications
- OS version
- IMEI identifier
- Current system language
- Name of the device manufacturer
- Mobile device model
- Mobile network operator
- Name of the application containing the Trojan
- Developer’s ID
- SDK platform’s version
Next, it sends the gathered information to its C&C server.
The main purpose of this Trojan is to deliver annoying advertisements. The ads pop up on the home screen, on top of running applications and on the operating system interface. It is best to avoid clicking on these ads. Furthermore, the Android.Spy.305 Trojan may display pop-up messages and try to convince the user to download other programs. The pop-up messages may claim that the device is infected with malware.
Unfortunately, as mentioned before, sometimes even Google Play Store is not an entirely secure source of software for Android. Various types of malicious software try to endanger Android users, and the Android.Spy.305 Trojan is yet another proof of that. The rapid emergence of new devastating threats should alert Android users to be extra cautious before downloading software. Always pay attention to negative feedback from other users and download only software created by trusted developers.