McAfee researcher Jimmy Shah reported on a company blog that the Trojan changes the phone's security settings to the lowest level, opening the door for other malware to be installed without any warning to users.
The US Computer Emergency Response Team (US-Cert) noted that the Trojan also prevents itself from being deleted and changes the homepage on the user's web browser.
The malicious payload is buried within a number of otherwise legitimate downloads. Infected applications being served on the modified homepage include Google Maps, a number of games and stock-trading software.
Shah explained that the Trojan has been traced back to a single site in China which has since been taken down. The researcher added that, when questioned, the site's administrator had an interesting explanation.
"The maintainer of the website claims that the software was just necessary to collect information on the types of mobiles used to access their site," wrote Shah.
"That would be easier to believe if they had notified the user prior to installation or if they had provided some sort of uninstall method."
US-Cert urged users to install and maintain antivirus software and be wary of applications they install on their mobiles.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
