Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Virus library

An analysis of the technologies used by cybercriminals allows us to draw conclusions about the virus industry’s possible vectors of development and more effectively confront future threats. You, too, can learn what actions various malicious programs take in infected systems and how to withstand them.

Android.Plankton in virus library:

Programs detected as Android.Plankton contain the SDK code (Software Development Kit) of one advertising network used to monetize Android applications. These programs can gather various device-related information (for example, phone number and IMEI) and send it to a remote server. Moreover, they can add bookmarks in a browser and change its start page, create shortcuts on the Home Screen, download and install additional programs, and so on.

An advertising module is implemented as a service that launches once an original application is run. Once the service is active, confidential information is gathered and sent to the server. The server issues commands based on this information. In particular, the module can receive an URL to download and install APKs that look as follows: plankton_v[package.version].jar (for example, plankton_v0.0.3.jar and plankton_v0.0.4.jar). These applications, which are also detected as Android.Plankton, serve the purpose of executing commands received from the command and control server. The packages launch using the DexClassLoader method that allows dynamic load of programs into the RAM without an appropriate prompt being displayed.

Later modifications of the SDK cannot download additional program packages and do not have some other features. However, they are still unwanted for the majority of users and, therefore, these later modifications are detected not as malware but as adware applications under the name of Adware.Startapp.

Vulnerabilities for Android

According to statistics, every fifth program for Android contains a vulnerability (or, in other words, a "loophole") that lets cybercriminals successfully introduce Trojans onto mobile devices and manipulate them into doing whatever actions they need them to.

Dr.Web Security Auditor for Android diagnoses and analyses a mobile device’s security and offers solutions to address security problems and vulnerabilities.

The Russian developer of Dr.Web anti-viruses
Doctor Web has been developing anti-virus software since 1992
Dr.Web is trusted by users around the world in 200+ countries
The company has delivered an anti-virus as a service since 2007
24/7 tech support

Dr.Web © Doctor Web
2003 — 2021

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125124