1. /
  2. Security Response/
  3. Android.Qdplugin

Android.Qdplugin

Risk Level 1: Very Low

Discovered:
October 17, 2012
Updated:
October 29, 2012 7:06:34 PM
Type:
Trojan
Systems Affected:
Android
Android.Qdplugin is a Trojan horse for Android devices that opens a back door and steals information from the compromised device.

Android package file
The Trojan may arrive as a package with the following characteristics:

Package names:
  • air.com.huale.StarWar
  • air.com.huale.SummerFishing
  • com.letang.game124.cn.free
  • com.letang.game126.en
  • com.letang.game128.cn
  • com.letanginc.marinedefender
  • com.mobappbox.glasstower


Installation
The Trojan arrives on the device as part of repackaged versions of legitimate applications. Once installed, the application will display an icon for the legitimate application.


Antivirus Protection Dates

  • Initial Rapid Release version October 17, 2012 revision 017
  • Latest Rapid Release version April 4, 2013 revision 002
  • Initial Daily Certified version October 17, 2012 revision 019
  • Latest Daily Certified version April 4, 2013 revision 018
  • Initial Weekly Certified release date October 24, 2012
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Medium
  • Payload: Opens a back door and downloads adware.
  • Releases Confidential Info: Steals information from the device.

Distribution

  • Distribution Level: Low
Writeup By: Beannie Cai, Zhicheng Zeng

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver