
New Android Trojan capable of DDoS attacks

The Android.DDoS.1.origin Trojan can carry out DDoS attacks on various internet resources and can send text messages on the attackers' command, says the antivirus company “Doctor Web”.


Once installed on an Android device, Android.DDoS.1.origin creates an application icon identical to that of Google Play. If the user decides to start this application, it opens the original application, which significantly reduces the risk of arousing suspicion. Once launched, the Trojan tries to connect to a remote server; if successful, it transmits the victim's mobile phone number and then waits for further commands, which the criminals send via SMS.

The supported commands include attacking a specified server and sending SMS messages. To attack a web resource with the Trojan, the cybercriminals send it an incoming message containing a parameter of the form [server:port]. Upon receipt of such a command, Android.DDoS.1.origin starts sending data packets to the specified address. To make the malicious program send an SMS, they send a command containing the text of the message and the number to which it should be sent. This activity can degrade the performance of the infected Android device and hurt its owner financially, since internet access and SMS messages are paid services. In addition, messages sent to premium numbers may further affect the financial position of the victim.

The Trojan's distribution mechanism has yet to be determined, but the most probable one is social engineering, with the malware posing as the official Android application from Google. It is worth noting that the code of Android.DDoS.1.origin is heavily obfuscated. Given its ability to attack any web resource and to send arbitrary text messages to any number, including the numbers of content providers, we can assume that the malware could be used by its authors not only directly but also to carry out illegal activities for third parties (e.g., attacking a competitor's site, promoting products by sending SMS messages, or subscribing users to paid services by sending SMS to short numbers).
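The behaviour described above (a Google Play look-alike that takes commands by SMS and can send SMS) suggests a simple device-inventory triage. The following is an added example, not code from Doctor Web or the original article. It assumes that matching on the launcher label stands in for the icon comparison and that the Trojan holds the three permissions named in the code; the `App` structure and all sample package names except `com.android.vending` are hypothetical.

```python
# Added triage example; the inventory below is constructed sample data.
from dataclasses import dataclass, field

GENUINE_PLAY_PACKAGE = "com.android.vending"  # package name of the real Play Store
PLAY_LABELS = {"google play", "google play store", "play store"}

# Assumption: a Trojan that receives commands by SMS, sends SMS and floods a
# server needs at least these permissions; the article does not list them.
SUSPECT_PERMS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.INTERNET",
}


@dataclass
class App:  # hypothetical record, e.g. built from an MDM or device export
    package: str
    label: str
    permissions: set = field(default_factory=set)


def triage(app):
    """Return the reasons an app resembles the behaviour described above."""
    reasons = []
    lookalike = (app.label.strip().lower() in PLAY_LABELS
                 and app.package != GENUINE_PLAY_PACKAGE)
    if lookalike:
        reasons.append("Google Play label on package " + app.package)
        # SMS permissions alone are common; they only count on a look-alike.
        if SUSPECT_PERMS <= app.permissions:
            reasons.append("can receive SMS, send SMS and use the network")
    return reasons


def flag_lookalikes(inventory):
    """Map package name -> reasons for every app with at least one reason."""
    flagged = {}
    for app in inventory:
        reasons = triage(app)
        if reasons:
            flagged[app.package] = reasons
    return flagged


# Constructed inventory for illustration only.
INVENTORY = [
    App("com.android.vending", "Google Play Store", {"android.permission.INTERNET"}),
    App("com.example.updater", "Google Play", set(SUSPECT_PERMS)),
    App("com.example.messenger", "Messenger", set(SUSPECT_PERMS)),
    App("com.example.wallpaper", "Play Store", {"android.permission.INTERNET"}),
]
```

An app with two reasons deserves removal and analysis first; one with only the label match is still worth a manual look.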
