AegisLab reports they discovered an Android trojan which they dubbed ADRD. The writer tucked it into some wallpaper apps found in a Chinese third partry application store (the last place you’d expect, right?). What the thing does if you sideload it is phone home your IMEI to adrd.taxuan.net, an apparent Microsoft machine in Wuhan, China (surprise) with twenty ports open including Tor, and awaits commands, effectively establishing an Android device botnet for an unknown purpose.
Meanwhile, the Chinese host instructs the infected device to various Chinese URLs including Baidu search strings. AegisLab describes the bandwidth consumption and nature of the virus as being of “lower profile” than a trojan from last year but that it nonetheless consumes bandwidth which depending on how much bandwidth it uses and what quota situation someone may be in with their carrier, it may cost people money and has the potential to do other things. AegisLab suspects the purpose of prompting these search queries is for SEO purposes of all things on Baidu, also Chinese and known for being in cahoots with the Chinese government for large scale attacks on American tech companies including incidents of international corporate espionage in addition to sabotage according to US State Department sources. It was in the Times.
To protect yourself, as with the other Android “viruses,” just move along and keep doing your thing unless your thing includes downloading and executing software from random Chinese servers. I’ll go out on a limb here and call that a dumb idea to do with anything involving software unless you’re trying to illustrate a valid point about the Chinese.
And no, don’t try to spin this, AegisLab is not Chinese. They’re Taiwanese.