January 20, 2020

Information security experts at the Russian anti-virus company Doctor Web have published the results of their research involving the examination of new versions of Android.Xiny trojans. The first samples in this malware family were discovered in 2015. A corresponding threat warning was issued by Doctor Web in 2016. Nonetheless, virus makers still come up with new species of this malware strain. These trojans target devices running Android 5.1 and even earlier versions. Despite their age, the older firmware versions are still being used. According to Google, on May 7, 2019, 25.2% of all active Android devices were running Android 5.1 and earlier versions. This means that a quarter of all Android-powered devices are potential targets for criminals.

Note that criminals are particularly interested in devices that will never get security patches. Installing applications without user permission has always been the principal function of many Android.Xiny trojans. That way attackers can profit from pay-per-install referral programmes.

These Trojans are widely distributed by virus makers over various software catalogues for mobile devices. They also infiltrate Google Play something that Doctor Web repeatedly warns its customers about.

Having infected a smart phone or tablet, such trojans attempt to gain root access in a system to covertly download and install other software. They can also show annoying ads. Programs belonging to this malicious strain were the first to use a removal protection mechanism.

Devices running Dr.Web software are protected from malicious programs in this trojan family. If Dr.Web is running on a handheld, it will detect the malware and prevent it from starting in the system. If your device was purchased with the infection already present in the system, we recommend that you reflash your Android gadget with official firmware. However, don't forget, that reflashing a device deletes all user files and apps, so create backups before you proceed.

#android