The highly modular architecture of the Trojan is interesting and points out of a few important conclusions. First of all, it has been designed to be easy to include in popular applications, to be uploaded on the Market with misleading names. Secondly, it has a classical command-and-control architecture – it sends an initial “I’m here” query with basic info and then deploys a more complex downloader to infect the device further. This is pretty similar to many Windows Trojans. Finally, the ability to install other applications on the devices hints at the way through which the author was planning to monetize the infections – by deploying Adware or Advertising-supported apps on the device.
