Unit 42 Discover New Samples Of The Android Adware “Ewind”

By   ISBuzz Team
Writer , Information Security Buzz | Apr 13, 2017 05:13 pm PST

Unit 42, Palo Alto Networks threat research unit has observed multiple new samples of the Android Adware family “Ewind”. Researchers believe the attacker is Russian however “Ewind” appears to deliberately target Russians – unusual as Russian actors tend to avoid targeting Russian subjects. The adware Trojan potentially allows full remote access to the infected device, it includes other functionality such as collecting device data, and forwarding SMS messages to the attacker.

Some of the popular Android applications that Ewind targets include:

  • GTA Vice City
  • AVG cleaner
  • Minecraft – Pocket Edition
  • Avast! Ransomware Removal
  • VKontakte
  • Opera Mobile.

“Ewind” is more than simply Adware, at the very least it is an actual Trojan – subverting genuine Android apps. The attackers use a simple approach – they download a popular, legitimate Android application, decompile it, add their malicious routines, then repackage the Android application package (APK). They then distribute the trojanized application using their own, Russian-language-targeted Android Application sites.

More information is available on the Unit 42 blog:


Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x