Android Malware that Sucks Bandwidth

[![](http://1.bp.blogspot.com/-oY7RTNMJgRM/TVyNkQHR8cI/AAAAAAAAAU4/HbhIV7BHSYg/s200/android_trojan.jpg)](http://1.bp.blogspot.com/-oY7RTNMJgRM/TVyNkQHR8cI/AAAAAAAAAU4/HbhIV7BHSYg/s1600/android_trojan.jpg)
Mobile malware is still a fringe development, but it’s not inconceivable that you’d run into it. If you use an Android device, here’s one example of what it would look like.
F-Secure describes ADRD, which they detect as Trojan:Android/Adrd.A, in a blog entry. The malware was originally found by Aegislab. F-Secure says that it appears to be distributed only in Chinese markets and may only be specific to Chinese networks.

Below is the application info screen, which doesn’t say much that’s informative.
[![](http://3.bp.blogspot.com/-ySYZoul-Ojw/TVyJa0asxvI/AAAAAAAAAUw/tUT0kI3jNzM/s320/trojan_android_adrd_a_appinfo.png)](http://3.bp.blogspot.com/-ySYZoul-Ojw/TVyJa0asxvI/AAAAAAAAAUw/tUT0kI3jNzM/s1600/trojan_android_adrd_a_appinfo.png)
Both companies say that wallpaper is a common mode of distribution for such apps. Often they are infected repackaged versions of legit wallpaper or some other app.
The app, of course, reserves for itself extensive permissions on the device.
[![](https://2.bp.blogspot.com/-JEAA_bcaDeo/TVyJdIpj7fI/AAAAAAAAAU0/yX6xr2z7Xq0/s320/trojan_android_adrd_a_uninstall.png)](https://2.bp.blogspot.com/-JEAA_bcaDeo/TVyJdIpj7fI/AAAAAAAAAU0/yX6xr2z7Xq0/s1600/trojan_android_adrd_a_uninstall.png)
The program contacts a host in the background, downloads a list of search URLs and then performs those searches at random in the background, so it could lead to excessive data charges.