January 22, 2020
Android Trojan disables Google Play Protect, steals owner data, installs adware, and creates fake app reviews

Android Plagued by a Trojan that Disables Google Play Protect, Steals Owner Information, and Even Creates Fake App Reviews

A new Android Trojan is able to turn off Google Play Protect, steal device owner data, display adware, and spawn fake app reviews…

There’s a new threat to Android mobile devices that’s making its way around. It’s called “Trojan-Dropper.AndroidOS.Shopper.a” and it disables Google Play Protect, installs malicious apps, deploys adware, and generates fake reviews.

Android Trojan Disables Google Play Protect, Steals Device Owners’ Data, Installs Adware, and Creates Fake App Reviews

The Android Trojan is heavily obfuscated uses a system icon and the ConfigAPKs name to create the the file name of a legitimate service that’s responsible for app configuration when the device is booted.

Trojan-Dropper.AndroidOS.Shopper.a hit Russia the most, infecting an estimated 28.46 of devices in October through November of last year. Brazil was the second-most infested country, with 18.70 percent and India was third with 14.23 percent.

Once in a victim’s Android device, the malware immediately downloads and decrypts a payload. It then harvests device information, including country, network type, vendor, smartphone model, email address, IMEI, and IMSI.

The malware Trojan can also kill the Google Play Protect service, in addition to installing other malicious apps, install adware, and create fake app reviews. It also has the ability to register people using their Google and Facebook credentials for other applications.

Owen E. Richason IV

Covers social media, apps, search and like news. History buff, movie and theme park lover. Blessed dad and husband. Owen is also a musician and is the founder of Groove Modes.          

View all posts by Owen E. Richason IV →