A new Android Trojan is able to turn off Google Play Protect, steal device owner data, display adware, and spawn fake app reviews…
There’s a new threat to Android mobile devices that’s making its way around. It’s called “Trojan-Dropper.AndroidOS.Shopper.a” and it disables Google Play Protect, installs malicious apps, deploys adware, and generates fake reviews.
Android Trojan Disables Google Play Protect, Steals Device Owners’ Data, Installs Adware, and Creates Fake App Reviews
The Android Trojan is heavily obfuscated and uses a system icon and the ConfigAPKs name to imitate the file name of a legitimate service that’s responsible for app configuration when the device is booted.
Trojan-Dropper.AndroidOS.Shopper.a hit Russia the most, infecting an estimated 28.46 percent of devices in October through November of last year. Brazil was the second-most infested country, with 18.70 percent, and India was third with 14.23 percent.
Once in a victim’s Android device, the malware immediately downloads and decrypts a payload. It then harvests device information, including country, network type, vendor, smartphone model, email address, IMEI, and IMSI.
The Trojan can also kill the Google Play Protect service, in addition to installing other malicious apps, installing adware, and creating fake app reviews. It also has the ability to register people for other applications using their Google and Facebook credentials.