It looks like Cajino, the Remote Administration Trojan (RAT) that uses Baidu Cloud Push as a new way to communicate with its server, wasn't only on alternative Android markets. The Trojan was found on the official Google Play Store, with more than 50.000 downloads, for more than a month.
Cajino available on Google Play Store
"Some samples, under a certain developer, were signed during November 2014, and were available in Google Play since December. The apps were available in the main market until late January, when Google removed them. It seems that some others were available from September until late January." - Eleven Paths
How does it look today?
A few days after I published a post on my blog, the detection rate for this RAT wasn't as expected; only 4 antivirus vendors detected it.
Hmm after few days detection rate is still poor for #Android #backdoor using #Baidu Cloud Push http://t.co/Hkoraqncbb pic.twitter.com/UUbgyt9TRX
— Lukas Stefanko (@LukasStefanko) March 20, 2015
The application is still available for download from the attackers' webpage hxxp://guangzhouhan1.dothome.co.kr/music.apk.