A new Android Trojan called Android.DDoS.1.origin is a piece of malware that works for various malicious tasks, including to launch distributed denial-of-service (DDoS) attacks and to send SMS messages.
While it remains uncertain how the Trojan distributes, security researchers from Russian firm Doctor Web believe cybercriminals might be disguising it as a legitimate Android application.
Once installed on a smartphone, the malware creates a fake Google Play icon on the desktop. When executed, this shortcut opens the real Google Play in order to avoid raising any suspicion.
After executing, the Trojan connects to a remote server, sends it the victim’s phone number, and waits for further SMS commands.
The masterminds of Android.DDoS.1.origin can send various SMS commands. One of them orders the infected device to start sending out packets to a certain server, basically launching a DDoS attack against it.
While this only affects the phone’s performance, there are other activities that can occur with this threat. In one case, cybercriminals can order the device to start sending out SMS messages to certain numbers.
These SMSs can sign up the victim for premium mobile services or the messages can work to send out spam.
Messages can also go to premium rate numbers, inflating the victim’s phone bill and implicitly filling the fraudsters’ pockets.
“Activities of the Trojan can lower performance of the infected handset and affect the well-being of its owner, as access to the Internet and SMS are chargeable services. Should the device send messages to premium numbers, malicious activities will cost the user even more,” the researches said.