Threat Report: Mild-Mannered Android Trojan Seeks to Avoid Notice

One warning sign that the Android app you’re installing might be a Trojan is that it demands far more permissions than would be required to perform its stated task. That flashlight app that wants to access your contacts list is a prime example. But not every Android Trojan has the same gluttonous appetite for permissions. Our friends at Malwarebytes have identified an interesting case, a Trojan that minimizes its permissions footprint in order to escape notice.

They’ve given this Trojan the bland name Trojan.Downloader.Agent.gp. I was hoping for something zingier, like Caffeine.Penguin.XL5, but given this Trojan’s aim to fly below the radar, an unassuming name makes sense. I’ll just call it Agent GP, for short.

Show Me the Money

Malware writers want to make money, and there are plenty of ways malicious software can pull in cash. Some resort to high-risk, high-reward behaviors like stealing bank passwords or sending premium-rate SMS messages. Mild-mannered Agent GP just pushes traffic to certain advertising URLs. According to Malwarebytes’s researchers, the ads served up by this Trojan are typically “those that offer free items or service quotes and request personal data from the victim, like email, phone and address.”

Trojanized versions of legitimate apps from the Google Play store serve to spread this ad-spewing program. It uses the original app’s package name and digital certificate name, in hopes of looking legitimate to both users and researchers. Only by checking the file hash, an identifier that’s unique to any given file, would researchers notice the substitution. Of course, disassembling the trojanized app would reveal the malicious code.
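
The check described above, sketched as an added example (not code from this article or from Malwarebytes): a sample that reuses the original's package name and certificate name passes a name comparison but fails a SHA-256 comparison against the known-good file. The samples are constructed plain-text stand-ins for APKs, and the app and signer names are hypothetical.

```python
import hashlib
import io
import re
import zipfile

FIXED_TIME = (1980, 1, 1, 0, 0, 0)  # fixed timestamp so builds are reproducible

def build_sample(package, signer_name, dex):
    """Constructed stand-in for an APK: a ZIP with plain-text metadata.
    Real APKs carry binary XML and a PKCS#7 signature block instead."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in (
            ("AndroidManifest.xml", f'<manifest package="{package}"/>'),
            ("META-INF/CERT.RSA", signer_name),
            ("classes.dex", dex),
        ):
            z.writestr(zipfile.ZipInfo(name, date_time=FIXED_TIME), data)
    return buf.getvalue()

def triage(apk_bytes, reference):
    """Compare a sample with the known-good release of the app it claims to be."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        manifest = z.read("AndroidManifest.xml").decode()
        signer = z.read("META-INF/CERT.RSA").decode()
    m = re.search(r'package="([^"]+)"', manifest)
    package = m.group(1) if m else None
    if hashlib.sha256(apk_bytes).hexdigest() == reference["sha256"]:
        return "identical"
    if package == reference["package"] and signer == reference["signer_name"]:
        # Names are copied from the original, yet the bytes are different.
        return "repackaged"
    return "unrelated"

# Constructed samples (hypothetical app and signer names).
original = build_sample("com.example.flashlight", "CN=Example Dev", "genuine code")
suspect = build_sample("com.example.flashlight", "CN=Example Dev", "genuine code + ad loader")
other = build_sample("com.example.notes", "CN=Someone Else", "notes code")

reference = {"package": "com.example.flashlight", "signer_name": "CN=Example Dev",
             "sha256": hashlib.sha256(original).hexdigest()}

if __name__ == "__main__":
    for label, sample in (("original", original), ("suspect", suspect), ("other", other)):
        print(label, "->", triage(sample, reference))
```

In practice the reference digest would be taken from a copy of the app obtained from the official store.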

Don’t Stray from Google Play

As you might guess, apps infested by Agent GP won’t get past Google’s malware detectors. You won’t find them in the Google Play store. The researchers only found them distributed via third-party app stores or through file sharing systems. If you stick with Google Play, you’ll avoid the vast majority of Android malware.

It is true, though, that the occasional threat makes it into Google Play, if only for a while. To be doubly sure of protection, you should install malware protection on your Android device. Bitdefender Mobile Security and Antivirus and avast! Mobile Security & Antivirus are our Editors’ Choice products for Android security. The avast! product is free, as is Malwarebytes Anti-Malware, so cost is no concern. If your Android is unprotected, now’s the time to install a security product.