More than a million Android users have downloaded this trojan on Google Play

Oh look! It’s brought some of its friends, too!

David bisson
David Bisson

More than a million Android users have downloaded this trojan on Google Play

More than a million users have downloaded a particularly sneaky Android trojan that’s available on the official Google Play Store.

The Russian security firm Doctor Web found that the malware, known as Android.MulDrop.924, likes to disguise itself as games and other apps on Google Play Store and other app marketplaces.

One of its preferred masks is an app called “Multiple Accounts: 2 Accounts.” It allows users to set up multiple accounts for games, email, messaging, and other software on their devices.

Sign up to our free newsletter.
Security news, advice, and tips.

The app hasn’t received too many bad reviews, either.

Screen shot 2016 11 14 at 9 30 54 am

No doubt such a good reputation played a part in convincing at least one million users to download it.

Screen shot 2016 11 14 at 9 31 21 am

The app, which is still available on Google Play, might appear to be benign in functionality. But it hides a dark secret.

Doctor Web explains more:

“The Trojan has a unique modular architecture. Part of its functionality is located in two auxiliary modules, which are encrypted and hidden inside a PNG image in the resource catalog of Android.MulDrop.924. Once launched, the Trojan extracts and copies these modules to its local directory in the section /data and then loads them into the memory.”

Let’s focus on the module “main.jar” in particular. It loads up several plug-ins designed to generate income.

One of those is the trojan Android.DownLoader.451.origin, which is like Android.Slicer.1.origin and Android.Spy.277.origin in that it covertly downloads applications and displays unwanted advertisements on the infected device.

But that’s not all main.jar can carry. Other versions of Android.MulDrop.924 came with Triada, a trojan which leverages exploits to achieve root privileges on the device.

This particular trojan goes to show just how difficult it is sometimes to avoid a malware infection. With that in mind, users should maintain an up-to-date anti-virus solution on their phones and download apps only from trusted developers on Google Play Store.

It’s not a foolproof anti-malware strategy, but it’s your best bet when trojans as clever as Android.MulDrop.924 are out there.

David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

3 comments on “More than a million Android users have downloaded this trojan on Google Play”

  1. JustAGuy

    How stupid is this article when at the end it states "…download apps only from trusted developers on Google Play Store." I guess the makers of this app are not trusted then and should be removed. How would the average person even know if the developers are "trusted"? How dump is that?

  2. no reply

    So has Google removed this from their store ? Or just letting it sit there for others to download.

  3. dave

    Yep, it's still there, just checked

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.