July 29, 2016
In the past month, Doctor Web specialists found a new Trojan on Google Play that displays advertisements and steals private information. They also discovered a spyware Trojan incorporated into a modified version of the popular game—Pokémon Go.
PRINCIPAL TRENDS IN JULY
- A large number of applications containing an adware Trojan were discovered on Google Play.
- A new spyware Trojan incorporated into a modified version of the game Pokémon Go.
Mobile threat of the month
In July, our specialists discovered yet another Trojan on Google Play—Android.Spy.305.origin. This Trojan is designed to display advertisements and steal confidential information. Android.Spy.305.origin is an advertising platform that can display ads on top of running applications and operating system interfaces. It can also display ads in the status bar. Doctor Web security researchers detected more than 150 applications containing this Trojan. These applications have been downloaded over 2.8 million times.
For more information about this incident, refer to this news article published by Doctor Web.
According to statistics collected by Dr.Web for Android
- Android.Xiny.26.origin A Trojan that obtains root privileges, copies itself into the system registry, and then is able to install various applications without the user’s knowledge. It can also display annoying advertisements.
- Android.Backdoor.418.origin
- Android.Backdoor.336.origin
Trojans that can act on cybercriminals’ commands to carry out various malicious activities. - Android.HiddenAds.14.origin
A Trojan designed to display advertisements. It is distributed under the guise of popular apps by other malicious programs that in some instances covertly install it in the system directory. - Android.PhoneAds.1.origin
A Trojan that delivers annoying advertisements.
- Adware.WalkFree.1.origin
- Adware.Leadbolt.12.origin
- Adware.Airpush.31.origin
- Adware.LockAd.1
- Adware.WalkFree.2.origin
An unwanted program module that is incorporated into Android applications and is responsible for displaying annoying ads on mobile devices.
Spyware
The Pokémon Go game, which was released in July, became very popular with millions of users worldwide, a fact that did not go unnoticed by cybercriminals. In mid-July, Doctor Web specialists detected that a modified version of this game contained Android.Spy.178.origin, a spyware Trojan first spotted by Doctor Web in April 2015. Android.Spy.178.origin steals private information—for example, information about phone calls, SMS messages, contacts, GPS coordinates, and browser history and bookmarks.
Attackers are still trying to compromise Android devices by publishing malicious applications on Google Play and turning benign programs into dangerous ones. Therefore, Doctor Web strongly advises users to protect their devices with anti-virus software and download applications only from reliable resources.
