New Android malware has been found on third-party Android markets. Symantec has identified 18 apps that have been Trojanized with the threat and has added detection as Android.Vdloader.
Figure 1. List of malicious apps identified
A 3D waterfall wallpaper may be displayed after the threat is installed.
Figure 2. 3D Waterfall wallpaper displayed after installation
The threat is appended to legitimate apps to trick users into downloading and installing it. Once installed, it sends potentially confidential information, such as the IMEI, IMSI, the compromised device’s phone number, network type, phone type, the names of existing apps installed on the compromised device, and the malicious package that contains the threat, to aabbccddee.com:8080/p.jsp. The server still appears to be accessible. The threat also connects to the server to receive commands, which include sending SMS messages and downloading additional APKs. Like a lot of other Android malware, the purpose is to charge the victim for premium text messages as well as to download more malware onto the compromised device. However, our analysis indicates that the malware will be unable to send SMS messages because of a flaw in the code.
Figure 3. App sending information to aabbccddee.com:8080
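For defenders who want to check whether devices on their network have contacted the server named above, the following sketch scans web proxy logs for that host, port, and path. It is an added example, not code from Symantec or from the threat; the log format (time, client, method, URL), the sample lines, and the function names are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Indicator taken from the post: aabbccddee.com:8080/p.jsp
C2_HOST, C2_PORT, C2_PATH = "aabbccddee.com", 8080, "/p.jsp"

# Constructed sample proxy log (assumed format: time client method url).
SAMPLE_LOG = """\
2000-01-01T09:14:02Z 10.0.5.21 POST http://aabbccddee.com:8080/p.jsp
2000-01-01T09:14:40Z 10.0.5.22 GET http://example.org/index.html
2000-01-01T09:15:11Z 10.0.5.23 GET http://AABBCCDDEE.com.:8080/p.jsp?x=1
2000-01-01T09:16:00Z 10.0.5.24 GET http://aabbccddee.com.example.org:8080/p.jsp
2000-01-01T09:17:30Z 10.0.5.21 POST http://aabbccddee.com:8080/p.jsp
2000-01-01T09:18:05Z 10.0.5.25 GET http://aabbccddee.com/p.jsp
malformed line
"""

def classify(url):
    """Return 'exact' (host, port and path match), 'host' (host only), or None."""
    try:
        parts = urlsplit(url)
        # hostname is lowercased by urlsplit; drop a trailing root dot.
        host = (parts.hostname or "").rstrip(".")
        port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    except ValueError:
        return None  # unparsable URL or invalid port
    if host != C2_HOST:  # exact comparison, so lookalike domains do not match
        return None
    if port == C2_PORT and parts.path == C2_PATH:
        return "exact"
    return "host"

def find_hits(log_text):
    """Map client IP -> counts of 'exact' and 'host' matches."""
    hits = defaultdict(lambda: {"exact": 0, "host": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _, client, _, url = fields
        level = classify(url)
        if level:
            hits[client][level] += 1
    return dict(hits)

if __name__ == "__main__":
    for client, counts in sorted(find_hits(SAMPLE_LOG).items()):
        print(client, counts)
```

Clients with "exact" matches warrant review of recently installed apps; "host" matches are weaker and only show contact with the same domain on a different port or path.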
As always, Symantec recommends that you only download apps from legitimate and trusted sources and always be suspicious of unusual activity and behavior.