The folks over at NQ Mobile’s Security Research Center have just discovered a new Android malware, which can not only push other apps, but the upgraded version of itself to users. NQ Mobile named this malware *VDloader. After analyzing a great number of app-push malwares, VDloader is the first mobile malware which has the ability to auto-update, bringing a serious threat to Android users.
*Note: VDloader can only be currently found on third-party Android app markets in China. The Google Play Store is unaffected by this rogue app at this time.
How does VDloader work? This malware injects into normal applications to hide and broadcast itself. You cannot see the corresponding icon in the application table. It starts the service when the signal change is captured, connects the Internet to acquire commands from the server, and downloads application packages without the users’ knowledge. Unlike other promoting applications, the downloaded applications are infected by the malware. This malware disguises itself as SMS notifications to mislead users. It not only causes data flow consumption (not so good if you are on a limited data plan ) and financial loss, but also brings a much more serious security threats into users’ Android devices. See below: