FakePlayer's fifth birthday, or five years with viruses for Android

In October 2010 was detected Android Trojan FakePlayer A - the first malicious program attacking the Android operating system. Information fell on G DATA SecurityLabs like a bomb. A new era of viruses has begun.

When the uproar and confusion around the worm quieted down a bit, important questions began to appear. Malware attacked Android users for the first time on August 5, 2010. How many people have fallen victim to the virus since then? What tricks did the FakePlayer developer do to fool analysts? How will FakePlayer behave? Our initial assumptions were full of concern. But there were also a few humorous accents. The malicious code was very simple and full of errors. It looked as if the developer collected various scraps of code during one evening, then casually patched them. The authors of the malicious code were so lazy that they did not want to change the name of the standards classes for the new Android project in the Eclipse development environment, delivered at the time by Google: "org.me.androidapplication1". The code also includes the "HelloWorld" class. This is the first exercise performed by most developers learning a new software language.

The virus was decoded quite quickly. The malicious application used the Windows Media Player icon, imitating the popular Microsoft multimedia player. After launching the application, the message - Loading in Russian appeared, and then the infected smartphone sent an SMS to the premium number of USD 10. In the following months, at regular intervals, various variants of the malicious application appeared. In total, there were eight of them, each of them different with the icon and the number of the premium SMS.

In five years, Android viruses have evolved. The current variety of them have a complicated, hidden code, while cybercriminals communicate through anonymous networks. It all makes life difficult for both owners of devices working under the control of the Android operating system and the developers of security applications. But more and more sophisticated methods used by attackers are not the only problem. The amount of malware is growing rapidly. In the second half of 2010, 55 new variants of mobile viruses were detected, but already in the first half of this year there were over one million. (1,000,938). Starting from July 2010 to June 2015, experts counted 3,959,254 new malicious files. Developers of Android malware have long since begun using the rich experience of their colleagues operating on the Windows system. Security companies also use better and better tools to analyze and eliminate malware. The arms race is on. We can finally say, laughing with tears - Happy birthday - FakePlayer!

source: G Data



Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.