Categories: Security

TrojanFlyer Malware Detected: Affects 120,000 Android Phones

PSafe’s Threat Analysts have discovered a malicious malware that infected at least 8 apps in Google Play. The malware, named TrojanFlyer, has the potential to affect at least 120,000 Android users, possibly more. If you don’t have Full Virus scan activated, do so now, to safeguard your Android device from these kinds of vicious attacks.

The mistake that app users make is assuming that only one or two apps are infected, concluding that suspicious apps fall into the same category on Google Play, or are produced by the same developer.

Not so with TrojanFlyer. In this latest attack, cyber criminals used clever methods by corrupting several apps in different categories carrying the same malware.

These developer names popped up across the 8 apps: Chet Grode, DenSavin, Lakov Kay. The apps were a QR code reader, wallpaper, battery optimizer, and photo galleries of beautiful women.

These 8 app packages were the culprits:

  • com.appmasteringsoft.qrcodefree
  • com.boxedstudiolow.wallhdplus
  • com.lightboostcleaner.app
  • com.ivoice.voicecallsrecorderapp
  • com.microtikappstudio.wallalbumsfree
  • vn.smartringtonesapp
  • com.exfrontvisuals.hdimagesfree
  • Com.esterightsapps.wallcollectionfree

After users initially downloaded these apps, they behaved normally, while in the background the malware was already running, using a service to start the APP which takes over a user’s entire operating system.

The malware used a developer’s tool called AlarmManager to monitor if a smartphone is turned on and has a WiFi connection. Once an Internet connection is established, hackers downloaded the second part of the malware.

Next, the malware gained further control through permissions. These apps asked users permission to make calls, access SMS information and call history, as well as, access a user’s filing storage system, including personal photos.

Once the malware gained control, it could gain access to the entire device’s contents. Including, call history:

Contact list:

SMS history:

Number of photos and photo storage:

The scary result is criminals had full control of a smartphone with TrojanFly, being able to access personal information, private photos, make calls, send text messages, or infiltrate banking apps.

With the latest Android 6.0/7.0 updates, permissions for your apps has certainly changed, but always be cautious which permissions you allow. Ensure the permissions fit the purpose of the app.

If you’re being asked for access to your contacts list, for example, and you’re unsure, always delete the app immediately and activate a trusted antivirus app.

PSafe’s DFNDR security app deters 65,000 instances of malware and 700,000 suspicious links a day. We strive to offer the most robust protection for your Android device. Find our full suite of products on the Google Play store now.

 

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.

Recent Posts

Vulnerabilities in Cyber Security: what they are and how to fix them?

Learn all about one of the hackers' favorite breach method and keep your company safe…

1 year ago

3 ways to recover deleted photos on Android

Have you ever wondered how to recover deleted photos on Android? After all, the lack…

1 year ago

What is worm?

Digital worms are among the most serious threats in the wild kingdom of the Internet.

2 years ago

Spoofing: What’s it all about?

Spoofing is a fairly sophisticated virtual scam that can fool even the most cautious and…

2 years ago

Careful With That QR Code! Five Steps For QR Code Safety

Five Steps to Reduce QR Code Risk! Step one? Read this article…

2 years ago

Pharming: Phishing’s Nasty Big Brother

Pharming is creating a new, dangerous brand of impostor syndrome. Check how to avoid pharming…

2 years ago