Android.Dropdialer Identified on Google Play

Android.Dropdialer Identified on Google Play

Norton by Symantec have drawn our attention to the fact that they have identified a new malware posted to the official Google Play market.

Masquerading as two popular games titles, Super Mario Bros and GTA 3 Moscow City, they were posted to Google Play on June 24 and since then have generated in the range of 50,000  to 100,000 downloads.

Symantec say:

What is most interesting about this Trojan is the fact that the threat managed to stay on Google Play for such a long time, clocking up some serious download figures before being discovered. Our suspicion is that this was probably due to the remote payload employed by this Trojan.

In the case of Android.Dropdialer, the first stage was posted on Google Play. Once installed, it would download an additional package, hosted on Dropbox, called ‘Activator.apk’.

This additional package sends SMS messages to a premium-rate number. An interesting feature of the secondary payload is that it prompts to uninstall itself after sending out the premium SMS messages—an obvious attempt at hiding the true intent of the malicious app. The premium SMS is targeting Eastern Europe.

This discovery highlights the real need for a decent security package on your handset, with the growing popularity of the Android OS and the openness of the market threats such as this are becoming ever more prominent.

For full information see the blog post here.


Many thanks to Symantec for the heads up.