Android phone on a map. Pexels/Pixabay

A new variant of Android malware has recently been discovered in the Google Play Store. An investigation by Malwarebytes Labs shows that the trojan appears to target mobile users based on where they live. In this case, the malware reportedly targets devices in Asia.

Referred to as Android/Trojan.AsiaHitGroup, the malware variant hides in apps that serve different purposes, including alarm, QR scanning, compass, photo editing, internet speed testing and file explorer apps. All of these apps, according to the report, were last updated between October and November of this year.

Android malware hides itself after first use

Nathan Collier, writing for the Malwarebytes blog, analysed one of these programs. Once installed, the malicious app places an icon on the device. When the user taps the icon, the app changes its name to Download Manager, making it difficult for the device's owner to locate the app after using it for the first time.

The first stage of the attack involves checking the mobile device’s location using the website ip-api.com. Based on the result of that lookup, the app moves to the next step, which involves downloading an APK that serves as a Trojan SMS.
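The two-step pattern described above, a lookup to ip-api.com followed by an APK download, can be hunted in web proxy logs. The following is an added example, not code from Malwarebytes or from the original article; the log format, the 10-minute correlation window and every sample line are constructed assumptions.

```python
from datetime import datetime, timedelta

GEO_HOST = "ip-api.com"          # geolocation service named in the report
WINDOW = timedelta(minutes=10)   # assumed correlation window, tune per site
APK_MIME = "application/vnd.android.package-archive"

# Constructed proxy log: ISO time, client, host, path, content type
SAMPLE_LOG = """\
2000-01-01T09:00:01 10.0.0.21 ip-api.com /json text/json
2000-01-01T09:00:07 10.0.0.21 cdn.example.net /files/update.apk application/vnd.android.package-archive
2000-01-01T09:05:00 10.0.0.34 ip-api.com /json text/json
2000-01-01T09:40:00 10.0.0.34 files.example.org /tool.apk application/vnd.android.package-archive
2000-01-01T10:00:00 10.0.0.50 files.example.org /app.apk application/octet-stream
"""

def parse(line):
    ts, client, host, path, ctype = line.split()
    return datetime.fromisoformat(ts), client, host.lower(), path, ctype

def is_apk(path, ctype):
    # Match on MIME type or file extension, since servers often mislabel APKs
    return ctype == APK_MIME or path.lower().split("?")[0].endswith(".apk")

def find_chains(log_text, window=WINDOW):
    """Return (client, lookup_time, apk_host, apk_path) for each APK fetch
    that follows a geolocation lookup by the same client within `window`."""
    last_lookup = {}   # client -> time of most recent ip-api.com request
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, host, path, ctype = parse(line)
        if host == GEO_HOST or host.endswith("." + GEO_HOST):
            # A lookup alone is not suspicious; many benign apps use this service
            last_lookup[client] = ts
        elif is_apk(path, ctype) and client in last_lookup:
            if timedelta(0) <= ts - last_lookup[client] <= window:
                hits.append((client, last_lookup[client], host, path))
    return hits

if __name__ == "__main__":
    for hit in find_chains(SAMPLE_LOG):
        print(hit)
```

A hit is a lead for triage rather than a verdict: it marks a device that fetched an APK outside the app store shortly after geolocating itself.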

Asian users presumably affected

Collier points out that the malicious app was not able to download the APK, possibly due to his location. “Based on all the references to Asia within the code, my assumption is you must be in Asia for this malware to fully function,” he wrote.

Despite the failure to download the APK, the attack doesn’t stop there. Another malicious APK awaits users presumably from a different continent. Its form of attack, however, merely involves pushing adware under the name vn.solarjsc.fakeads.ShowAdsService.

The Malwarebytes report coincides with another from ESET, which recently discovered eight Android apps with Trojan Dropper, a multi-stage malware able to steal users’ personal information. The report urges Android owners “to check app ratings and comments, pay attention to what permissions they grant to apps, and run a quality security solution on their mobile devices.”