Android.Troj.mdk, the Trojan botnet that last week was reported to have infected one million devices, mainly Chinese Android phones, is a new variant of a separate strain of malware, Backscript, researchers say.
Both variants of the malware use the same certificate to sign APKs, but Troj.mdk (MDK) uses Advanced Encryption Standard (AES) encryption to stealthily encrypt data such as servers and commands.
Like Kingsoft, the Chinese security company that initially reported on the Trojan early last week, Symantec reports the malware can let attackers remotely control their victims’ devices, harvest user data, download APKs and download adware. Yet while Kingsoft found the malware in 7,000 apps, Symantec claims it has detected Backscript in upwards of 11,000 apps, almost twice as many as Kingsoft, since September 2012, security response manager Flora Liu wrote on Symantec’s Security Response blog.