It’s one of a small, but growing collection of Trojans that can “root” an Android device, which is shorthand for its ability to gain root-level access. This allows it to do just about anything its owners want it to.
Among other things, the malware can:
• Remove or disable security apps, allowing other infections to be installed
• Reboot the device
• Interact with mobile banking apps
• Access, rename or delete files
• Collect all phone details and send them to remote locations
• Encrypt files
• Steal login credentials from other apps
In other words, it’s about as bad as it gets. Even worse is the fact that the authors of the malware have gone to great lengths to reverse engineer popular apps like Pokemon GO, Telegran, and Subway Surfers, inserting hooks in them which install the Trojan in the background.
While these poisoned apps would never get past the filters on the Google Play store, they can, and are being uploaded to third party app vendors which provide alternate download locations for the most popular apps on the store.
This underscores the importance of a seldom discussed, but critical component of data security. You should have policies in place specifying that any apps your employees download are acquired via the Google Play Store (Android) or the Apple Store (iPhone).
Unfortunately, the third party vendors just don’t have the same level of security, which provides fertile ground for malware like this to take root and spread. The hackers are eager to take full advantage.