A new class of malicious software programs have infiltrated the Android database and is finding their way into the system files of a lot of handheld devices. The Trojan has been detected by the Russian anti-virus software DrWeb, and is named Android.loki. There are four main versions to the virus that gets installed: Android.loki.1.origin, android.loki.2.origin, android.loki.3, and android.loki.6. These files work together to gather information about the device then use it for monetary gain.


Android.loki1 is the main file, and is helped by the remaining files which get installed into the batch folder of the device and gathers relevant information such as the MAC address, IMEI, the MNC Identifiers, the IMSI, the MCC, and things such as the screen resolution and the version of the OS. Based on this information, the infected devices can be distinguished from those that are not infected.

The main file then proceeds to install software into the infected devices in order to use them for monetary gain. The Trojan makes use of a command and control server that allows the application to install software without seeking permission of the user.  Further to that, the software also has the capacity to kill other applications and uninstall them.

While viruses have somehow gone light on Google’s Android platform in spite of the marketplace’s open framework, the trojans and virus makers around the world seem to be catching up. As a spokesperson for DrWeb noted, the present day versions of once primitive viruses have become as complicated as the most complex windows viruses you can come across.