An analysis of the technologies used by cybercriminals allows us to draw conclusions about the virus industry’s possible vectors of development and more effectively confront future threats. You, too, can learn what actions various malicious programs take in infected systems and how to withstand them.
Programs detected as Android.Plankton contain the code of an SDK (Software Development Kit) from an advertising network used to monetize Android applications. These programs can gather various device-related information (for example, the phone number and IMEI) and send it to a remote server. Moreover, they can add bookmarks to a browser and change its start page, create shortcuts on the Home Screen, download and install additional programs, and so on.
The advertising module is implemented as a service that starts when the original application is run. Once the service is active, it gathers confidential information and sends it to the server, which issues commands based on this information. In particular, the module can receive a URL from which to download and install APKs named as follows: plankton_v[package.version].jar (for example, plankton_v0.0.3.jar and plankton_v0.0.4.jar). These applications, which are also detected as Android.Plankton, execute commands received from the command and control server. The packages are launched using DexClassLoader, which loads code dynamically into RAM without an appropriate prompt being displayed.
Later modifications of the SDK cannot download additional program packages and do not have some other features. However, they are still unwanted for the majority of users and, therefore, these later modifications are detected not as malware but as adware applications under the name of Adware.Startapp.
According to statistics, every fifth program for Android contains a vulnerability (or, in other words, a "loophole") that lets cybercriminals successfully introduce Trojans onto mobile devices and manipulate them into doing whatever actions they need them to.
Dr.Web Security Auditor for Android diagnoses and analyses a mobile device’s security and offers solutions to address security problems and vulnerabilities.
Doctor Web is a Russian cybersecurity company focused on threat detection, prevention and response technologies.