Trojan:AndroidOS/Multiverze Virus

If you come across a detection alert for Trojan:AndroidOS/Multiverze, it signifies a problem with your PC. All viruses, without exception, pose a significant threat. Multiverze, classified as a spyware virus, is designed to extract various forms of data from your computer. It employs various tactics to evade malware detection and utilizes secure connections for data exfiltration.

Trojan:AndroidOS/Multiverze specifically targets Android devices and belongs to the Trojan malware category. It disguises itself as a legitimate or desirable application or file in order to deceive users into installing it. Once installed, the Trojan performs malicious activities on the infected device.

Trojan:AndroidOS/Multiverze is notorious for its capability to download and install additional malicious applications onto the compromised Android device without the user’s consent. These applications may include adware, spyware, or other types of malware, further compromising the device’s security and privacy.

The Trojan can also exhibit other harmful behaviors, including the theft of sensitive information, displaying unwanted advertisements, hijacking device functions or settings, and even gaining unauthorized access to the device’s resources.

What does the notification with Trojan:AndroidOS/Multiverze detection mean?

The Trojan:AndroidOS/Multiverze detection you can see in the lower right side is displayed to you by Microsoft Defender. That anti-malware application is quite OK at scanning, but prone to be mainly unreliable. It is prone to malware invasions, it has a glitchy user interface and bugged malware clearing capabilities. Hence, the pop-up which states concerning the Multiverze is just an alert that Defender has actually detected it. To remove it, you will likely need to use a separate anti-malware program.

Microsoft Defender: “Trojan:AndroidOS/Multiverze”

Having Trojan:AndroidOS/Multiverze virus on your computer is not a pleasant thing from any point of view. The worst problem is that you will not see anything wrong. The key specialty of any spyware is being as secretive as possible. Some Multiverze samples also can perform self-deletion after gathering all the data available on the computer. After that, it will be nearly impossible to uncover the flow of events and understand how your accounts were hacked. Long-residing variants of spyware can target the specific folder in the system or file type. Then, files grabbed in such a way will be put for sale on the Darknet – at one of its numerous forums with stolen data.

Spyware Summary:

Name	Multiverze Spyware
Detection	Trojan:AndroidOS/Multiverze
Damage	Steal personal data contained in the attacked system.
Similar	Redline, Vidar, Raccoon
Fix Tool	See If Your System Has Been Affected by Multiverze Spyware

Technical details

Behaviour and properties

Click to expand

Reads data out of its own binary image;
Drops a binary and executes it;
Unconventionial language used in binary resources: Japanese;
Uses Windows utilities for basic functionality;
Attempts to repeatedly call a single API many times in order to delay analysis time;
Network activity detected but not expressed in API logs;

File Info

Click to expand

crc32: 627E66EEmd5: 208bd8a2b70085494d9a7a397415cd59name: 208BD8A2B70085494D9A7A397415CD59.mlwsha1: 5b1046150fd546785b10c389f4a2cb849b983cfesha256: 4f76255bf08cbbf7b39955ec3e7769096da0eb2497aef8a50eff36a4a2dd51f1sha512: 9d0795707fb33961e5e03f12613c1cc2d9d4fd51c62df7e5054863010af6503fe26fb11ef7af4f1f0d9ba1738069535bbe39de774aa722d2b997adfe7aac12e7ssdeep: 6144:XpZt5b9chl8pqqDGGxzod1WXruH43ZrCx63msTjqOuG7mBIrJvfd8fkKCKoj6d:XpZT9q8EqSGB2dSCkjYSt8fk72type: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Copyright(c) 2001-2016 by pon software                                                  InternalName: deczipWFileVersion: 7.05                   CompanyName: pon software                                                                                   Comments:                                                                                                ProductName: decode zip unicode version.ProductVersion: 7.05        FileDescription: Win32 Zip Self-Extractor                                                                       OriginalFilename: deczipW.exeTranslation: 0x0000 0x04b0

Alternative detection names

Click to expand

GridinSoft	Trojan.Multiverze
K7AntiVirus	Riskware ( 0040eff71 )
Lionic	Trojan.Win32.DiskWriter.4!c
Elastic	malicious (high confidence)
CAT-QuickHeal	Trojan.DiskWriter
McAfee	Artemis!208BD8A2B700
Cylance	Unsafe
Zillya	Trojan.Generic.Win32.55090
Sangfor	Trojan.Win32.DiskWriter.ghi
Alibaba	Trojan:Win32/KillMBR.38c0b200
K7GW	Riskware ( 0040eff71 )
Cyren	W32/Trojan.KWSK-5377
Symantec	Trojan.Gen.MBT
ESET-NOD32	multiple detections
APEX	Malicious
Avast	Win64:Malware-gen
Cynet	Malicious (score: 99)
Kaspersky	Trojan.Win32.DiskWriter.ghi
BitDefender	Trojan.GenericKD.46731442
MicroWorld-eScan	Trojan.GenericKD.46731442
Sophos	Mal/Generic-S
TrendMicro	TROJ_GEN.R002C0WHE21
McAfee-GW-Edition	RDN/Generic.dx
FireEye	Trojan.GenericKD.46731442
Emsisoft	Trojan.GenericKD.46731442 (B)
Webroot	W32.DiskWriter
Avira	TR/DiskWriter.vmdsk
eGambit	Unsafe.AI_Score_99%
Antiy-AVL	Trojan/Generic.ASMalwS.344B857
Microsoft	Trojan:AndroidOS/Multiverze
GData	Trojan.GenericKD.37331387
AhnLab-V3	Trojan/Win.Generic.C4583918
VBA32	Trojan.DiskWriter
MAX	malware (ai score=88)
Malwarebytes	Malware.AI.1848494700
Panda	Trj/CI.A
Rising	[email protected] (RDML:05TiNfbFleZiEk2TvaFw/g)
Yandex	Trojan.DiskWriter!REj/nUTAbBo
Fortinet	W32/DiskWriter.AG!tr
AVG	Win64:Malware-gen
Qihoo-360	Win32/Ransom.DiskWriter.HgIASZgA

Is Trojan:AndroidOS/Multiverze dangerous?

As I have pointed out earlier, any malware is threatening. And Trojan:AndroidOS/Multiverze is not even near of making more disturbance than real damage. The most misleading feature of this malware is the fact you cannot observe its activity by any means, other than with the use of anti-malware software scanning. And while you are having no clue, cybercriminals who successfully delivered their nasty thing to your computer are starting to count the money. Darknet forums offer a lot of opportunities to market malware logs for a large sum – especially when these logs are newly-collected. And it is a bad idea to imagine what will happen to your accounts when other crooks will put their hands on your credentials.

However, things may have much faster turnover. In some cases, hackers are spreading their malware precisely to the user they are going to rob. Spyware is priceless when it comes to grabbing credentials, and some samples aim precisely at banking accounts or cryprocurrency wallets. One may say, giving spyware a run equals to sending all your money to criminals.

How did I get this virus?

It is not easy to line the origins of malware on your PC. Nowadays, things are mixed up, and distribution tactics utilized by adware 5 years ago may be used by spyware nowadays. But if we abstract from the exact distribution way and will think about why it works, the explanation will be quite uncomplicated – low level of cybersecurity understanding. Individuals click on advertisements on strange websites, click the pop-ups they get in their web browsers, call the “Microsoft tech support” thinking that the scary banner that says about malware is true. It is important to recognize what is legitimate – to avoid misconceptions when attempting to figure out a virus.

The example of Microsoft Tech support scam banner

Nowadays, there are two of the most extensive methods of malware spreading – lure emails and also injection into a hacked program. While the first one is not so easy to stay away from – you should know a lot to recognize a counterfeit – the second one is very easy to solve: just do not utilize hacked apps. Torrent-trackers and other sources of “free” applications (which are, in fact, paid, but with a disabled license checking) are really a giveaway point of malware. And Trojan:AndroidOS/Multiverze is just amongst them.