SHA1: 85289cc1247050f15ab49138b0ebc9b4ee4628a5
A Trojan designed to distribute and install other malware on the Android mobile devices of South Korean users. It is disguised as an application purportedly created by the police.
Once launched, Android.MulDrop.69.origin extracts the gs.apk file from its body and copies it to the Download folder of the compromised device. At the same time, the Trojan displays a message informing the user that they must be authorized to access documents from a purported investigation. To do so, the potential victim has to enter their name and SSN.
Then the Trojan asks the user to install a new version of Google Play and, once consent is given, imitates the download process.
After that, Android.MulDrop.69.origin initializes the process of the downloaded “update”, which is in fact another Trojan (Android.MulDrop.38): the gs.apk file that Android.MulDrop.69.origin extracted and saved to the Download folder earlier.