Researchers at Dr. Web have uncovered new Android adware that arrives as a software development kit (SDK) and has been detected in a number of applications from popular companies, as well as in firmware for nearly 40 mobile devices.
"This trojan, which was named Android.Gmobi.1, is designed as a specialized program package (the SDK platform) usually used either by mobile device manufacturers or by software developers to expand functionality of Android applications," the researchers said. "In particular, this module is able to remotely update the operating system, collect information, display notifications (including advertising ones), and make mobile payments."
The malware siphons off confidential information – including user emails, roaming availability, GPS or mobile network coordinates – and transmits it to a C&C server. The operator of the remote server can then relay back commands – primarily which ads to show and where – but can also command the malware to download and install APK files using a standard system dialog, according to HelpNetSecurity.
Gmobi has been detected in Trend Micro's Dr. Safety and Dr. Booster apps, in the ASUS WebStorage apps, and in the system software for the Micromax AQ5001 firmware update.
The safest solution, Dr. Web advised, is for those targeted by Android.Gmobi.1 to contact the manufacturer of the device and ask them to release a firmware update without the trojan.