Ewind is an Android adware trojan, identified in mid-2016, that displays advertising on the victim device and can collect device data and forward SMS messages to the attacker. The adware potentially allows attackers to gain full remote access to the infected device. The attackers behind this adware take popular, legitimate Android applications, decompile them, add their malicious routines, and then repackage the Android application packages (APKs). They distribute the trojanized applications through their own third-party, Russian-language Android application sites. Popular Android applications that Ewind targets include Grand Theft Auto (GTA) Vice City, AVG cleaner, Minecraft – Pocket Edition, Avast! Ransomware Removal, VKontakte, and Opera Mobile.

Technical Details

  • Palo Alto researchers provide technical details on the Ewind adware trojan, available here.