Android/Trojan.Downloader

Short bio

Android/Trojan.Downloader is a malicious app that downloads and installs additional malicious app(s) on a mobile device.

The malicious app(s) to be downloaded are stored on malware servers and accessed via the internet. Many times, the code containing the URL(s) used to download the malicious app(s) is encrypted.

Symptoms

In some cases, users may recognize app(s) on their mobile device that they don’t recall installing themselves. Most often, though, the downloaded app(s) will hide in the background, unbeknownst to the user.

Type and source of infection

On the Android OS, an Android/Trojan.Downloader infected APK is typically given the filename of a legitimate app, but has a completely different package name, digital certificate, and code than the app it claims to be. It is then distributed through third-party app stores.
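
The mismatch described above can be checked from an app inventory. The following is an added example, not Malwarebytes code: it assumes an inventory export (for instance from a device-management tool) with hypothetical fields `label`, `package`, `cert_sha256` and `installer`, and a reference list of genuine apps; all sample values are constructed.

```python
import unicodedata

def norm(label):
    """Fold width, case and spacing so look-alike labels compare equal."""
    return " ".join(unicodedata.normalize("NFKC", label).casefold().split())

# "com.android.vending" is the package name of the Google Play Store installer.
def find_impostors(installed, reference, trusted_installers=("com.android.vending",)):
    """Flag apps that reuse a known label but differ from the reference entry
    in package name or signing certificate; note untrusted install sources."""
    by_label = {norm(r["label"]): r for r in reference}
    findings = []
    for app in installed:
        ref = by_label.get(norm(app["label"]))
        if ref is None:
            continue  # no reference entry for this label, nothing to compare
        reasons = []
        if app["package"] != ref["package"]:
            reasons.append("package")
        if app["cert_sha256"].lower() != ref["cert_sha256"].lower():
            reasons.append("certificate")
        # Install source is only supporting evidence, so it never flags alone.
        if reasons and app.get("installer") not in trusted_installers:
            reasons.append("installer")
        if reasons:
            findings.append((app["package"], reasons))
    return findings

# Constructed reference entry and fleet inventory rows (not real apps or hashes).
REFERENCE = [{"label": "Example Chat", "package": "com.example.chat",
              "cert_sha256": "aa" * 32}]
INSTALLED = [
    {"label": "Example Chat", "package": "com.example.chat",
     "cert_sha256": "AA" * 32, "installer": "com.android.vending"},
    {"label": "\uff25xample  Chat", "package": "com.qwerty.updater",
     "cert_sha256": "bb" * 32, "installer": None},  # full-width "E", sideloaded
    {"label": "Example Chat", "package": "com.example.chat",
     "cert_sha256": "cc" * 32, "installer": "com.android.vending"},
    {"label": "Other App", "package": "org.example.other",
     "cert_sha256": "dd" * 32, "installer": None},
]

if __name__ == "__main__":
    for package, reasons in find_impostors(INSTALLED, REFERENCE):
        print(package, "differs in:", ", ".join(reasons))
```

A finding is a prompt to inspect the app, not a verdict: a reference list that is out of date will also produce mismatches.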

Aftermath

Infected devices will run the Android/Trojan.Downloader and the downloaded malicious app(s) until both/all are uninstalled.

Protection

Malwarebytes for Android protects against Android/Trojan.Downloader.

Remediation

These apps can be uninstalled using the mobile device's uninstall functionality; the tricky part is identifying the offending behavior and app. That is where Malwarebytes for Android can help, by identifying these apps and removing them.

Associated threats

  • Android/Trojan.Downloader.Agent
  • Android/Trojan.Downloader.Boqx
  • Android/Trojan.Downloader.fsm
  • Android/Trojan.Downloader.Guerrilla
  • Android/Trojan.Downloader.Leech
  • Android/Trojan.Downloader.Xolco
  • Android/Trojan.AsiaHitGroup