DrWeb anti-virus software provider compiled a report of the most interesting malware for April. Android OS related viruses turned to be the most popular platform for malicious applications among hackers.

In April security experts encountered first complete backdoor for Android which has two versions. Android.Crusewind features new infection methods and unusual load. People receive such messages as “You have new updates for MMS/GPRS/EDGE. To activate the new settings follow the link http://.../flash/MM329.apk.” Pressing the link a user gets infected with Trojan APK, an Android distributive.

After the Trojan is installed it starts downloading a configured XML file from its command center. The maware can send SMS messages under the server command.

Hackers have also developed other Trojans for Android OS such as various versions of Android.Spy and Android.SmsSend.

First time Android.Spy.54 was detected on a Chinese website www.nduoa.com which offers apps for Android devices. The Trojan was built into the Paojiao widget that allows users to make calls or send SMS messages to the selected numbers.

A new version of Android.Spy registers a background service that connects to the perpetrators’ server sending them user’s identity data such as IMEI and IMSI. Besides, the Trojan also installs an XML configuration file that contains instructions to send spam SMS messages from the victim’s phone.