Android/Trojan.Agent


Short bio

Android/Trojan.Agent is a malicious app that runs in the background of a mobile device without the user's knowledge. It silently waits for commands from a Command & Control (C&C) server. These commands could be anything from stealing personal information and sending it to remote servers, to acting as a DDoS bot against targeted victims. On the Android OS, it often hides its presence by not creating an icon for itself and by listing itself under a generic name in the mobile device's app list. Often, it impersonates a system app on the mobile device, making it especially difficult to identify.

Symptoms

In some cases, users may notice a slowdown in performance from the agent running in the background.

Type and source of infection

On the Android OS, an Android/Trojan.Agent infected APK is typically given the filename of a legitimate app, but has a completely different package name, digital certificate, and code than the app it claims to be. It is then distributed through third-party app stores.
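
The mismatch described above can be checked during triage of a device's app inventory. The following is an added example, not Malwarebytes' detection logic: the inventory records, package names, certificate fingerprints and the KNOWN_GOOD reference set are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class App:
    label: str               # name shown in the device's app list
    package: str             # Android package name
    cert_sha256: str         # fingerprint of the signing certificate
    has_launcher_icon: bool
    installer: str           # package that installed the app, "" if unknown

# Hypothetical reference set: normalized label -> (genuine package, genuine cert).
KNOWN_GOOD = {
    "example chat": ("com.example.chat", "aa11"),
    "system update": ("com.example.os.update", "bb22"),
}
TRUSTED_INSTALLERS = {"com.example.store"}  # hypothetical official store

def findings(app):
    """Return the reasons an app matches the impersonation pattern."""
    reasons = []
    ref = KNOWN_GOOD.get(app.label.strip().casefold())
    verified = False
    if ref:
        package, cert = ref
        if app.package != package:
            reasons.append("package-mismatch")
        if app.cert_sha256.lower() != cert:
            reasons.append("certificate-mismatch")
        verified = not reasons  # claimed name, package and certificate all agree
    # Genuine system apps also lack icons, so verified apps are not flagged here.
    if (not verified and not app.has_launcher_icon
            and app.installer not in TRUSTED_INSTALLERS):
        reasons.append("hidden-and-sideloaded")
    return reasons

def triage(inventory):
    """Map package name -> reasons, for apps with at least one finding."""
    return {a.package: r for a in inventory if (r := findings(a))}

# Constructed inventory: two genuine apps, two impersonators, one unrelated app.
INVENTORY = [
    App("Example Chat", "com.example.chat", "aa11", True, "com.example.store"),
    App("Example Chat", "com.qwe.zxc", "cc33", True, ""),
    App("System Update", "com.example.os.update", "bb22", False, ""),
    App("System Update ", "com.abc.svc", "DD44", False, ""),
    App("Notes", "org.example.notes", "ee55", True, "com.example.store"),
]

if __name__ == "__main__":
    for pkg, reasons in triage(INVENTORY).items():
        print(pkg, ", ".join(reasons))
```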

Aftermath

Infected devices will run the Android/Trojan.Agent and the downloaded malicious app(s) until both/all are uninstalled.

Protection

Malwarebytes for Android protects against Android/Trojan.Agent.

Remediation

These apps can be uninstalled using the mobile device's uninstall functionality. The tricky part is identifying the offending behavior and app, which is especially true for Android/Trojan.Agent. That is where Malwarebytes for Android can help, by identifying these apps and removing them.