Earlier this month, specialists at the antivirus company "Doctor Web" discovered a set of dangerous Trojans on Android that can seriously harm users. This Trojan consists of a set of three viruses working together, known as:
The first virus, known as Android.Loki.1.origin, can hide itself in Android system processes; as a result, it is able to operate as a root app and has full user control of the infected Android system. Android.Loki.1.origin can be downloaded from the Google Play store or via a special affiliate link that contains a reference to the hackers' affiliate account; the hackers also make money when people click on the link. Other malicious functions of Android.Loki.1.origin are:
- Automatic removal and installation of applications.
- Ability to enable or disable other Android applications and their components.
- Ability to stop Android processes.
- Sending notifications.
- Ability to track user clicks and activities.
- Automatic update of its components.
The second virus, known as Android.Loki.2.origin, can, once installed on a device, be controlled from the hackers' management control server and can also be used to display advertisements. In addition, the Trojan can collect and send personal information such as:
- Device IMEI
- Device IMSI
- Device MAC address
- MCC (Mobile Country Code) identifier
- MNC (Mobile Network Code) identifier
- The OS version on the infected Android device
- Device screen resolution
- Device RAM (total and free)
- Kernel version
- Device model and manufacturer
- Firmware version
- Device serial number
The main function of Android.Loki.2.origin is to display advertisements from the hackers' control server. Clicking on an advert notification displayed by the Trojan can result in either directing the user to a specific site or forcing the user to install an application.
The third Trojan, known as Android.Loki.3 origin, acts as a root application for the other two Loki viruses; it plays the role of a server that runs shell scripts and performs commands as the superuser (root).
The three Android.Loki Trojans place some of their hidden files and components in Android system folders, which antivirus software does not have access to. The only way to remove the virus is by flashing the device with stock firmware/ROM. Even a factory reset or system wipe will not remove the virus.
News source: Phonetweakers