Android/Trojan.Downloader
Short bio
Android/Trojan.Downloader is a malicious app that downloads and installs additional malicious app(s) on a mobile device.
The malicious app(s) to be downloaded are stored on malware servers and accessed via the internet. Many times, the code containing URL(s) to download the malicious app(s) is encrypted.
Symptoms
In some cases, user’s may recognize app(s) on their mobile device that they don’t recall installing themselves. Most often though, the downloaded app(s) will hide in the background unbeknownst to the user.
Type and source of infection
On the Android OS, an Android/Trojan.Downloader infected APK typically is given a filename of a legitimate app, but has a completely different package name, digital certificate, and code then the app it claims. It is then distributed through third party app stores.
Aftermath
Infected devices will run the Android/Trojan.Downloader and the downloaded malicious app(s) until both/all are uninstalled.
Protection
Malwarebytes for Android protects against Android/Trojan.Downloader.
Remediation
These apps can be uninstalled using the mobile devices uninstall functionality, the tricky part is identifying the offending behavior and app. That is where Malwarebytes for Android can help by identifying these apps and remove.
Associated threats
- Android/Trojan.Downloader.Agent
- Android/Trojan.Downloader.Boqx
- Android/Trojan.Downloader.fsm
- Android/Trojan.Downloader.Guerrilla
- Android/Trojan.Downloader.Leech
- Android/Trojan.Downloader.Xolco
- Android/Trojan.AsiaHitGroup