
Android Trojans

What are Android Trojans?

Android trojans are malware applications that can perform a variety of malicious activities through your Android device. Two recent large-scale Android trojan attacks include:

Nexus Android Trojan. The authors of the Nexus Android Trojan have made the malware available to other threat actors via a malware-as-a-service (MaaS) program, where individuals and groups can rent or subscribe to the malware and use it in their own attacks. A threat actor targeted customers of 450 banks and cryptocurrency services worldwide with this dangerous Android trojan that has multiple features for hijacking online accounts and potentially siphoning funds out of them.1

GravityRAT Android Trojan. GravityRAT is a Remote Access Trojan (RAT) used by threat actors to access end devices remotely. GravityRAT was found to be disguising itself as messaging apps, providing legitimate chat functionality, while also having the ability to exfiltrate WhatsApp backups and receive commands to delete files.2 The chat apps are distributed through rogue websites promoting free messaging services. Potential targets are contacted on Facebook and Instagram with the goal of tricking them into clicking on the links and downloading the malicious apps. GravityRAT requests intrusive permissions to harvest sensitive information such as contacts, SMS messages, call logs, files, location data, and audio recordings without the victim’s knowledge. The captured data is ultimately exfiltrated to a remote server under the threat actor’s control. Once the attacker installs it on a targeted device, the spyware can perform a wide range of malicious activities that enable cyberattackers to exfiltrate sensitive data, spy on the victim, track their location, steal WhatsApp backup files, and delete call logs, contact lists, and files with certain file extensions.

Protect yourself from Android Trojans by noting the following signs of malware on your Android device:

  • Overheating
  • Battery draining quickly
  • Pop-up ads frequently appearing
  • Ads are sometimes too personal
  • Phone performance is slowing
  • Apps are crashing, not opening, or taking a long time to open
  • New apps are appearing
  • Phone bills are higher than expected
  • Data usage is higher than expected
  • Android OS stops receiving updates
  • Android OS has not updated to the latest compatible version

Check for Android malware by doing the following:

  • Go to the Google Play Store app
  • Open the menu button. You can do this by tapping on the three-line icon found in the top-left corner of your screen
  • Select Play Protect
  • Tap Scan. Your device will start checking for Android malware
  • If your device uncovers harmful apps, it will provide an option for removal
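As a complement to the Play Protect scan, the sketch below audits which apps hold the permissions matching the data GravityRAT is described as harvesting (contacts, SMS, call logs, files, location, audio). It is an added example, not part of the original article: the package names and sample text are constructed, the threshold of four is illustrative, and the `dumpsys package` layout is assumed and can differ between Android versions.

```python
import re

# Permissions covering the data the page says GravityRAT harvests.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "sms",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_EXTERNAL_STORAGE": "files",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.RECORD_AUDIO": "audio",
}
PLAY_STORE = "com.android.vending"
PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
INSTALLER_RE = re.compile(r"^\s*installerPackageName=(\S+)")
GRANT_RE = re.compile(r"^\s*(android\.permission\.\w+): granted=true")

def audit(dumpsys_text, threshold=4):
    """Flag non-Play-Store apps granted >= threshold SENSITIVE permissions."""
    apps, cur = {}, None
    for line in dumpsys_text.splitlines():
        if m := PKG_RE.match(line):
            cur = apps.setdefault(m.group(1), {"installer": None, "data": set()})
        elif cur is not None and (m := INSTALLER_RE.match(line)):
            cur["installer"] = m.group(1)
        elif cur is not None and (m := GRANT_RE.match(line)) and m.group(1) in SENSITIVE:
            cur["data"].add(SENSITIVE[m.group(1)])
    return [(p, a["installer"], sorted(a["data"])) for p, a in sorted(apps.items())
            if a["installer"] != PLAY_STORE and len(a["data"]) >= threshold]

# Constructed sample in the layout of `adb shell dumpsys package` output.
SAMPLE = """\
Packages:
  Package [com.example.freechat] (1a2b3c4):
    installerPackageName=com.google.android.packageinstaller
    runtime permissions:
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
      android.permission.READ_CALL_LOG: granted=true, flags=[ USER_SET ]
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
      android.permission.READ_EXTERNAL_STORAGE: granted=false
  Package [com.example.maps] (5d6e7f8):
    installerPackageName=com.android.vending
    runtime permissions:
      android.permission.ACCESS_FINE_LOCATION: granted=true
"""

if __name__ == "__main__":
    for pkg, installer, data in audit(SAMPLE):
        print(f"{pkg} (installer={installer}): {', '.join(data)}")
```

On a real device, feed it the output of `adb shell dumpsys package`. Preinstalled system apps also lack a Play Store installer, so every hit needs manual review before removal.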

1 Vijayan, 2023, “‘Nexus’ Android Malware Targets Customers of 450 Financial Institutions Worldwide”

2 Lakshmanan, 2023, “Warning: GravityRAT Android Trojan Steals WhatsApp Backups and Deletes Files”