detection icon

Short bio

Android/Trojan.Dropper is a malicious app that contains additional malicious app(s) within its payload. The Android/Trojan.Dropper will install the additional malicious app(s) onto an infected mobile device.

On the Android OS, most often the malicious app(s) to be dropped is/are contained within the Android/Trojan.Dropper’s Assets Directory.  The Assets Directory is an optional directory that can be added to an APK to store raw asset files. In the case of a Mobile Trojan Dropper, it contains a malicious APK(s) to be dropped and installed.


In some cases, user’s may recognize app(s) on their mobile device that they don’t recall installing themselves.  Most often though, the dropped app(s) will hide in the background unbeknownst to the user.

Type and source of infection

On the Android OS, an Android/Trojan.Dropper infected APK typically is given a filename of a legitimate app, but has a completely different package name, digital certificate, and code then the app it claims.  It is then distributed through third party app stores.


Infected devices will run the Android/Trojan.Dropper and the dropped malicious app(s) until both/all are uninstalled.


Malwarebytes for Android protects against Android/Trojan.Dropper


These apps can be uninstalled using the mobile devices uninstall functionality, the tricky part is identifying the offending behavior and app. That is where Malwarebytes for Android can help by identifying these apps and remove.

Associated threats

  • Android/Trojan.Dropper.Agent
  • Android/Trojan.Dropper.FakeApp
  • Android/Trojan.Dropper.Gorpo
  • Android/Trojan.Dropper.RealShell
  • Android/Trojan.Dropper.Sadpor
  • Android/Trojan.Dropper.Shedun