SHA1: 738d8b637d6d6e25f5db7cfe7487dd23a4ebcb37
A downloader Trojan that has adware features and targets Android devices. It is distributed under the name of KKBrowser. The main malicious code is incorporated into com.kk.sdk.
Android.DownLoader.171.origin encompasses features of adware and downloader Trojans. Once installed, the malicious program connects to remote command and control servers (http://120.**.73.213:80 http://s.1329***.cc:88) and downloads applications specified by cybercriminals; at that, if Android.DownLoader.171.origin has root privileges, applications are installed automatically (otherwise, a relevant prompt is displayed).
Moreover, the Trojan can stealthily remove programs. Again, if Android.DownLoader.171.origin has elevated privileges, programs are removed automatically (otherwise, the user is asked to give their consent). In addition to that, the Trojan can display fake email message notifications in the status bar. If the user taps such a notification, a website specified by cybercriminals will be loaded in the browser window.
The malicious program scans the system for the presence of Chinese anti-virus software and sends the server the following device-related information:
- Presence of anti-virus programs
- Presence of web browsers (uc, qq, 360, etc.)
- System language
- Internet connection type
- Home page version (internal value of the application)
- Availability of root access
- Information on whether the Trojan is installed in the system folder
- ID
- IMEI
- UUID
- Task_id
- mProduct (product version)
- Package version
- Device model
- Android version
- Advertising module version
- Screen resolution
- Free memory card space
- Free internal memory space
