"Persistent" SMS-Trojan for Android prevents their removal


The company "Doctor Web," warns the distribution of another Trojan family Android.SmsSend (native to China), designed to send SMS-messages with higher wage costs. A feature of this Trojan is its multiple access requirements to the list administrator mobile device, under certain conditions, can significantly hinder its removal. Unlike most malware family Android.SmsSend, propagating malicious directly, Android.SmsSend.186.origin hits the user's mobile device with dropper containing within itself a software package Trojan. Dropper Android.MulDrop.5.origin hiding in a variety of "live wallpaper" and the installation does not require special permissions, so users should not have any suspicions.

After starting Android.MulDrop.5.origin shows a message in Chinese, which proposes a set of components. If the user agrees to do so, the installation process begins dropper trojan hidden inside the application. For the work Android.SmsSend.186.origin requires access to a large number of functions and careless user may well provide it. Malicious software after installing it requests access to the administrative features of mobile devices on the pretext that this will save a lot of battery power. Given that Android.SmsSend.186.origin uses a name similar to the name of one of the system applications, the necessary powers to him, most likely, will be provided. If the user refuses to provide the required authorization Trojan, it will ask them again and again until the owner Android-devices do not give up.

Besides the function of sending SMS-messages to premium rate numbers, Android.SmsSend.186.origin attackers can send incoming SMS, which potentially carries the risk of disclosure of personal information of users. However, this Trojan primarily interested in the fact that in some cases the administrator mode enabled mobile device, it is actually an opportunity to oppose their removal, because when such attempts a user back to the main screen of the mobile device. In this case, you must open the list of recently launched applications, hold the function button "Home" and select the latter caused the system settings. Should repeat this algorithm as long as needed to remove Trojan action fails. Experts said the "Doctor Web", is the first known instance where a malicious program for Android attempts active opposition against it.