Is your Android Phone infected with an Android Trojan Horse? You’re minding your own business when your Android phone dings and you see that a close friend has texted you a link with some pictures, and most of us would tap the link without even thinking about whether it was unusual that he/ she had suddenly taken up texting selfies, and could unwittingly become victims of a mobile Trojan scam.
Windows Operating system has been the popular victim of Trojan Horses until now. Since the penetration of Smart Phones in the market, the users’ hands never been idle reasons of this smartphones are at high risk of the Trojan programmers to infect the Mobile operating system. Once a user has installed one of the malicious apps, the Trojan collects nearly 30 different types of information about the user’s device and transmits them to a remote server operated by the attacker. An Android Trojan which displays unwanted ads and installs nuisance software on mobile devices has been discovered in all Smartphones. The Trojan module is able to “remotely update the operating system, collect information, display notifications (including advertising ones), and make mobile payments.” Here are many ways to get your mobile device infected with Android Trojan. For example, when you are going to browse online or watch a video on the Internet, you may be tricked into installing an app first which gives you a prompt message that you are missing a plug-in, then it will suggest you to download software called Video Player or Adobe Flash Player update. Once you do that and open the downloaded software, it turns out to be Android Trojan and your phone screen gets locked up right away. On the other hand, the virus can be disguised as a mp4 file or other APK files which are often bundled with spam e-mails without any notice. According to the research, more than 15,000 spam e-mails containing malicious files has hit the inboxes of Android users in the last few days. Users should be more cautious and take necessary measures to avoid such infection on the device.
In some cases, the virus only attacks web browsers instead of taking over the whole phone screen. Android Trojan hijacks your Internet and doesn’t allow you to go online anymore. It also requests users to pay to full access to the phone.
The Trojans are malicious programs that can perform any dangerous actions in your Smartphone and Tablets. For example, this malware can send SMS to premium numbers, can read your SMS, and even block your SMS. Also, it can request USSD codes to activate value added service to cost your money in the Mobile account.
Some Trojan can take Root privileges using vulnerability in your Android Phone and can do any actions. If they gain Android Device Manager Privileges, You can’t detect and uninstall Trojan viruses from your Android Phone. Even some other Android Trojan can steal your private information and leach your mobile data. Once this Trojan has collected all of your personal information, those details are sent back to a database where the information is logged. From there, the hackers of the Trojan can collect those details and use them elsewhere.
Once Trojan is launched, the Trojan transmits the following information on the device to the server:
- OS version
- SDK system version
- Device model
- Screen resolution
- CPU type
- IMEI identifier
- ISO country code
- Android build version
- Cell phone number
- SIM serial number
- User’s location
- Network subtype
- Availability of root access
- The current version number of the Trojan
- Generated unique user ID for phone
- Network connection type
- Mobile network operator
- E-mail address connected to a Google user account
- Google Cloud Messaging identifier (GCM id)
- The “user agent” parameter generated using a special algorithm
- Whether an infected application has administrator privileges
- Name of an infected application
- Presence of a Google Play application on the device
In addition to the initial information sent to the C&C server, there are many more functions that can be requested remotely such as:
- Download an APK and prompt user to install it
- Get call logs
- Get SMS inbox
- Get bookmarks
- Get contacts
- Get list of installed apps
- Lock the screen
- Redirect calls to a specific number
Possible Danger Caused By Android Trojan:
- It will take control of your mobile phone rapidly once it is downloaded.
- It will pretend itself as a legit warning and then ask for a payment.
- It will not allow you to change your phone settings or open Google Play to download antivirus program.
- It may damage your computer data and the Android system.
- It will not let you power off the phone or do anything else except the inputs related to the demand for Money.
How to Remove this Trojan
In order to remove this Trojan, a factory reset is recommended, though it is advised to take the phone to an expert, as different Smart Phones have different methods of initiating a Factory reset or Safe Mode.
Safety Tips to Prevent Infection
- Always install apps from Google play and official sites.
- Turn off Bluetooth if not in use.
- Install reliable mobile security software that automatically scans apps before they run for the first time.
- Take regular backups of your important data on your phone on cloud or external storage devices.
- Before connecting your mobile devices to any computer, ensure that the latter is secure with multi-layered antivirus software.
- Avoid clicking links in unknown and unsolicited e-mails and SMSs.
- Have your mobile apps updated to their latest version. And ensure that your mobile OS is updated too.
eScan strongly recommends Android users to pay careful attention to applications they are going to download, and install programs developed only by reputable companies. eScan for Android effectively detects and removes all known modifications of Android Trojan and, therefore, this malicious program poses no threat to our users.