SHA1:
- bbf06f78d5618a77d43b0e4b007f9d76a82f256c
A Trojan for Android mobile devices. Its primary purpose is to show ads on the screen of the affected device.
Android.HiddenAds.728 poses as the system software Alarm Manager. The malware may be downloaded and installed by the Trojan Android.DownLoader.819.origin, which obtains it from the server https://cdn.*****.us.
After the first launch, Android.HiddenAds.728 displays an application startup window for a few seconds, then closes the window and removes its icon from the app list on the home screen.
To autorun, the Trojan monitors the following system events:
- android.net.conn.CONNECTIVITY_CHANGE—Internet connection or disconnection.
- android.intent.action.BOOT_COMPLETED—operating system loading.
After the successful launch, Android.HiddenAds.728 registers a broadcast receiver to receive the android.intent.action.SCREEN_ON system event and thus monitor when the device screen powers up. Every time the screen of the infected smartphone or tablet is active, the Trojan downloads and displays ads using the com.google.android.gms.ads.InterstitialAd class.