Those of you with an Android device should be on the lookout, the security firm Dr. Web is warning users of a new trojan that disguises itself using the Google Play icon. Dubbed Android.DDoS.1.origin, the malware creates an application icon that looks just like the Google Play icon. When opened, the malware actually opens Google Play, helping disguise the malicious activity taking place in the background.
Once Android.DDoS.1.origin is running, it attempts to connect to a remote server and sends the device’s phone number down the pipeline. If successfully connected, the device is now compromised, and remains in a state awaiting commands from whoever is on the receiving end of the phone number. The cyber hooligans can then make the compromised device send SMS messages, or perform DDoS attacks on a specified target.
Aside from having your device compromised and responsible for a DDoS attack, the criminals controlling the device could also run up SMS and data charges depending on how frequently they send messages and perform DDoS attacks. Of course, the frequency and intensity of this malicious activity could affect the performance of a compromised device, based on simple processor and memory allocations and usage.
At the moment, Dr. Web reports that how the trojan spreads is unclear, but is most likely spread through social media tactics, getting users to download the code themselves in some manner.
As one might expect of a security company, Dr. Web notes that users running Dr. Web products for Android will be protected from the trojan. If you aren’t cool with that, just pay attention to what you download, or don’t enable the feature that allows you to download apps that didn’t come from the Google Play store.