MulDrop (Android.MulDrop.924) is an Android Trojan malware first observed in November 2016 by researchers at Dr. WEB. The Trojan is spread within apps that disguise themselves as legitimate games and other applications and is distributed by the Google Play and other application stores. One application it masquerades as is named “Multiple Accounts: 2 Accounts” which supposedly allows users to set up multiple accounts for games, email, messaging, and other software. As of November, the app is still available in the Google Play store and has received a relatively high user rating of 4.1. Part of the Trojan’s functionality is hidden in two modules, kxqpplatform.jar and main.jar, which are encrypted and hidden inside the icon.png PNG image located in MulDrop’s resource catalog. Once launched, the Trojan extracts and copies the components to its local directory and loans them to memory. The main.jar module contains advertising plug-ins to generate revenue. In some versions of MulDrop, the main.jar module contains the Triada Trojan, which leverages exploits to gain root access of the infected device.
- Dr. Web provides technical details on the MulDrop Trojan and its modules, here.