Android.MulDrop.924

Added to the Dr.Web virus database: 2016-11-08

Virus description added:

SHA1:

  • d2c2e64b2e370c3699dbba8b6f22a74ec411f898 (version for Google Play)
  • 3fa10d9f14fb768c278aa6397754f215d38e6781 (version distributed via other application stores)

A Trojan for Android that is distributed via Google Play and other application stores. Android.MulDrop.924 is presented as an application that lets users work with several user accounts in games and other applications. However, its main function is to covertly download and display advertisements.


Part of the Trojan’s functionality is implemented in the modules kxqpplatform.jar and main.jar. They are encrypted and embedded into the PNG image icon.png, which is located in a resource directory. Once launched, the Trojan extracts these components into its local directory in the /data section and loads them into memory.

The module main.jar contains several advertising plug-ins designed to generate income. One of them is the Trojan Android.DownLoader.451.origin, which covertly downloads applications and prompts the user to install them. The module is also responsible for advertising.

In another version of Android.MulDrop.924, the module main.jar contains one more malicious plug-in that is detected as Android.Triada.99. It downloads exploits and uses them to get root privileges. In addition, this module can download and install various software programs.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
