A new Android Trojan that first paves the way for the download of other apps and then carries it out has been spotted lurking on third-party websites, camouflaged as legitimate file-managing, ad-blocking, and performance-boosting apps.
According to Lookout researchers, the Gamex Trojan’s functionality is split across three components.
Once the downloaded app repackaged with the Trojan is granted root access by the user, the malware takes advantage of this permission to install another app onto the device, which then functions as a privileged installation service.
“A third component communicates with a remote server, downloads apps, and triggers their installation. Gamex also reports the installation of these applications, along with the IMEI and IMSI, to a remote server,” the researchers explain.
“We believe that this information is used to operate and/or report installations to a malicious affiliate app promotion network.”
As always, users are advised to restrict their app downloading to trusted sources, check the permissions each app asks for thoroughly, keep their firmware updated, and be on the lookout for their devices behaving in an unusual manner.