A popular mobile PDF creator that has been downloaded from
Google Play more than 100 million times was found to have a malicious dropper
component included.Kaspersky researchers Igor Golovin, Anton Kivva are reporting that
an examination of Phone PDF creator found a malicious dropper component in the
apps advertising library. One very similar what some malware that came
pre-installed on Chinese-made smartphones. The component, identified by
Kaspersky as Trojan-Dropper.AndroidOS.Necro.n., was reported to Google and
removed from the app store.One of the clues that something was amiss with Phone PDF
were the negative comments recently left on its Google Play site of users
complaining it did not work properly.The malware’s functionality is relatively straight forward.
When the app is run the dropper downloads and decrypts the malicious code
contained in the mutter.zip file. A file named “comparison”, which also
contains the URLs of the command and control servers, is then decrypted. The app
then downloads and executes an additional module of malware and begins
operation.Essentially, the dropper enables the cybercriminals to
download a payload that will allow them to do as they wish with the device from
showing the victim unwanted advertising to stealing money from their mobile
account by charging paid subscriptions.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds