Dr. Web experts have uncovered a new Android malware family that was distributed on Google Play and has infected more than one million devices.
New Android Malware Family Lurks on Google Play
Security experts from Dr. Web have identified a new malware family hiding in an Android app distributed through the Google Play store. The app is named “Multiple Accounts: 2 Accounts” and, according to the available statistics, it has been installed on between 1 and 5 million devices to date.
The app is developed by a Chinese company and is advertised as a dual-account utility that allows users to log in to and use two different social media accounts at the same time. Popular services such as WhatsApp, Facebook and Tumblr are supported.
Dr. Web has identified that the app is used as a payload delivery mechanism for a malware family known as Android.MulDrop. The specific strain here is Android.MulDrop.924. According to the experts, this malware can show ads and install other applications without user consent.
Such malware can introduce other threats to the affected systems. Evolved versions of this Android virus could also let the criminals cause further damage to the devices, with the following potential consequences:
- Payload Delivery – The installation of additional Trojans, viruses, screenlockers and ransomware
- System Manipulation – The criminal manipulation of critical system services which could render damage to certain or all functions of the compromised device
- Remote Control – An advanced version might be able to provide remote control access to the compromised devices
The malware is packed inside two JAR files that are encrypted and hidden, using a steganography approach, in a PNG image that poses as an icon. When the user runs the application, the malware is extracted and executed. The ads shown on the screen generate income for the criminal operators. The malware is also able to root the device at will. It has been promptly removed from the Google Play Store; however, many users are still affected by the threat, as millions of users installed it while it was live on the app market.
To stay protected, we recommend that you uphold good security practices, especially when dealing with the Android platform. For further information, you can read our in-depth tutorial on Android security.