Android.Spy.277.origin is the name given to a Trojan that was recently added to the virus database of Russian Security firm Doctor Web. It is a Trojan that collects or put more aptly ‘steals’ information from users and delivers advertisements. The Trojan is being distributed through counterfeit versions of popular Android apps. The 104 apps that have the Trojan are available for download through the Google App Store.
These apps that contain the Trojan claim to offer services like photo-editing, wallpapers and the like but very interestingly, these apps do not work as they should. These bogus apps have been downloaded by a humongous 3.2 million users.
Supposedly, this malware works by collecting around 30 pieces of information once the user has downloaded the app containing the Trojan. The information is then transmitted to a remote server which is being operated by the attacker. The information is resent by the Trojan to the attacker’s server every time the app is launched. Doctor Web reports that the information being transmitted to the attacker also includes the phone IMEI number.
In addition to this, Android.Spy.277.origin also tries to intimidate the users by flashing information which further encourages you into installing other unwanted applications to your device. Information like ‘Your battery is too hot’ or ‘Battery badly damage’ makes the users think that their device may be in problem and they should take action immediately. However this is just a tactic to have the user download further malicious apps.
Users who downloaded the affected apps also noticed shortcuts on their home screen which led to sections of the Google Play Store. As soon as Google was notified by Doctor Web, it sprang into action by removing some of the malicious apps. However, Google is still in the process of cleaning the app store completely from this malware, so it is suggested that you use an anti-virus to protect your device from such intrusions.