According to Dr.Web, another Trojan found on the Lenovo A319 and Lenovo A6000 devices was named Android.Sprovider.7.
The Trojan is incorporated into the Rambla program, which provides access to the Android software catalog of the same name.
The payload of Android.Sprovider.7 is located in a separate program module (which is detected as Android.Sprovider.12.origin).

It is encrypted and stored in the resources of the main malware program.
When a user unlocks the home screen, the Trojan checks whether the module is still active.
If not, Android.Sprovider.7 retrieves this component from its body and runs it.

However, the security researchers at Dr.Web have already informed smartphone manufacturers about this incident.
