Android.Moghava spoils the photos on Android-devices

The company "Doctor Web," said the emergence of new threats to the operating system Android, which received the name Android.Moghava. The worm searches for the mobile device is connected to a memory card images in JPEG format and modify them. This malware, presumably, was founded in Iran and spread to the informal sites of collections of software for Android under the name of Iranian Foods. Unlike many other Trojans for the mobile platform, Android.Moghava not focused on the extraction of commercial benefit to attackers.

Malicious functions are contained in a module that is installed as a service named stamper. Run after a certain period of time, the service searches for JPEG images on a memory card device - namely, in the folder / DCIM / Camera /, which are stored by default pictures on the camera device. If the Trojan finds a graphic files for each image it imposes additional image with a portrait of Ayatollah Khomeini. Despite the fact that the signature of the threat added to Dr.Web virus database for Android Anti-spam and Dr.Web for Android Light and the Trojan successfully removed with scanning devices, damaged photos in most cases will not be reversed. In addition, unauthorized addition to the graphic file additional images significantly increases their size, which often leads to overflow a memory card or a marked reduction of free space on it.