More than a million Android users have downloaded this trojan on Google Play

Oh look! It’s brought some of its friends, too!

David Bisson
@DMBisson

More than a million users have downloaded a particularly sneaky Android trojan that’s available on the official Google Play Store.

The Russian security firm Doctor Web found that the malware, known as Android.MulDrop.924, likes to disguise itself as games and other apps on Google Play Store and other app marketplaces.

One of its preferred masks is an app called “Multiple Accounts: 2 Accounts.” It allows users to set up multiple accounts for games, email, messaging, and other software on their devices.

Sign up to our newsletter
Security news, advice, and tips.

The app hasn’t received too many bad reviews, either.

No doubt such a good reputation played a part in convincing at least one million users to download it.

The app, which is still available on Google Play, might appear to be benign in functionality. But it hides a dark secret.

Doctor Web explains more:

“The Trojan has a unique modular architecture. Part of its functionality is located in two auxiliary modules, which are encrypted and hidden inside a PNG image in the resource catalog of Android.MulDrop.924. Once launched, the Trojan extracts and copies these modules to its local directory in the section /data and then loads them into the memory.”

Let’s focus on the module “main.jar” in particular. It loads up several plug-ins designed to generate income.

One of those is the trojan Android.DownLoader.451.origin, which is like Android.Slicer.1.origin and Android.Spy.277.origin in that it covertly downloads applications and displays unwanted advertisements on the infected device.

But that’s not all main.jar can carry. Other versions of Android.MulDrop.924 came with Triada, a trojan which leverages exploits to achieve root privileges on the device.

This particular trojan goes to show just how difficult it is sometimes to avoid a malware infection. With that in mind, users should maintain an up-to-date anti-virus solution on their phones and download apps only from trusted developers on Google Play Store.

It’s not a foolproof anti-malware strategy, but it’s your best bet when trojans as clever as Android.MulDrop.924 are out there.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

3 comments on “More than a million Android users have downloaded this trojan on Google Play”

  1. How stupid is this article when at the end it states "…download apps only from trusted developers on Google Play Store." I guess the makers of this app are not trusted then and should be removed. How would the average person even know if the developers are "trusted"? How dump is that?

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.