Russian security firm Dr. Web has discovered a new Android adware trojan dubbed "Slicer." This trojan is embedded in a phone optimization app, installed onto devices by users or by other malware, that claims to clean the device's memory and shut down unused apps and can turn the device's WiFi and Bluetooth on and off. Once it is downloaded onto a device it gathers information about the smartphone, including IMEI identifier, MAC address, device manufacturer, and OS version, and sends it to the C2 server. The app will then display ads, open a page on the device's browser, or open the Google Play Store on an app page. The app may also download an Android rootkit on devices running Android version 4.3 that provides the attacker with root access to the device. The main function of the trojan is to deliver ads to the infected device.

Technical Details

  • Dr. Web provides technical details on Android.Slicer.1.origin, available here.

One example of the Slicer trojan. Image Source: Softpedia