In this year’s first quarter, one Trojan was responsible for 25 percent of attempted infections on Android devices.
Trojan-SMS.AndroidOS.Stealer.a accounted for almost a quarter of attempted infections on Android devices which have the company’s security solutions installed on them, said researchers at Kaspersky Labs.
Most of the infections ended up spotted in Russia, but researchers said Trojan-SMS.AndroidOS.Stealer.a is capable of targeting users from numerous countries, including Belgium, France, Latvia, Lithuania, Ukraine, Belarus, Germany, Armenia, Azerbaijan, Kyrgyzstan and Kazakhstan.
The Trojan, which cybercriminals distribute by disguising it as legitimate Android apps, contacts its command and control server (C&C) and waits for commands. The C&C can command it to change the server, send SMSs, delete incoming messages, update itself, upload information on the phone and applications, and intercept messages.
The threat’s configuration file ends up distributed along with the malware, instead of being somewhere online. This enables the Trojan to operate even if it can’t find a connection to the Web.
The configuration file can order the malware to open a web page, get geographic coordinates, send SMSs with a certain message to a specified number, install applications, create shortcuts and more.
A complete description of the commands accepted by Trojan-SMS.AndroidOS.Stealer.a is available on Kaspersky’s Securelist blog.