Android VDloader app-push malware in circulation

July 31, 2012

The folks over at NQ Mobile’s Security Research Center have just discovered a new Android malware, which can not only push other apps, but the upgraded version of itself to users. NQ Mobile named this malware *VDloader. After analyzing a great number of app-push malwares, VDloader is the first mobile malware which has the ability to auto-update, bringing a serious threat to Android users.

*Note: VDloader can only be currently found on third-party Android app markets in China. The Google Play Store is unaffected by this rogue app at this time.

How does VDloader work? This malware injects into normal applications to hide and broadcast itself. You cannot see the corresponding icon in the application table. It starts the service when the signal change is captured, connects the Internet to acquire commands from the server, and downloads application packages without the users’ knowledge. Unlike other promoting applications, the downloaded applications are infected by the malware. This malware disguises itself as SMS notifications to mislead users. It not only causes data flow consumption (not so good if you are on a limited data plan :( ) and financial loss, but also brings a much more serious security threats into users’ Android devices. See below:



Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.

What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4


We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.