January 13, 2014
Adware.Revmob.origin.1 (525,500 times), Adware.Airpush.origin.7 (476,304 times) and Adware.Airpush.origin.21 (387,881 times) were the programs most frequently detected. Android.SmsSend.origin.749 became the most "popular" malicious program (249,405 incidents). The top 20 undesirable and malicious applications found in December on mobile devices are listed in the table below.
The statistics lead to the conclusion that various Android.SmsSend Trojan modifications remain the most common threats to Android. Also, Dr.Web anti-virus software for Android effectively neutralises various applications that display annoying ads on the screens of smart phones and tablets.
Whenever a malicious or unwanted program was detected, users most often removed it—this happened in 65.5% of incidents. In 27% of cases, the application was not yet installed but stored on the memory card or in the internal memory as an apk file that was removed by the anti-virus. A minor portion of users (4%) moved detected threats to the quarantine. Only 1.8% of users ignored danger warnings from the anti-virus and continued using the infected device, and another 1.4% immediately cancelled the installation of malicious applications on their mobile phones and tablets upon receiving an alert from the anti-virus program.
Samsung Galaxy S III became the most popular device among users of Dr.Web for Android in December—it accounted for 10.72% of the devices on which Dr.Web anti-virus software was installed. Samsung Galaxy S II ranks second with 5.19% of installations, Samsung Galaxy S IV ranks third with 4.70%, and Samsung Galaxy Note II ranks fourth—4.53% of Dr.Web for Android installations occurred on this device. Our users’ preferences regarding Android-device manufacturer are shown in the chart below.
Information about the most common versions of Android on devices protected with Dr.Web can be found on the diagram below.
In addition to the threats that pose a danger to Android, Dr.Web for Android often detected and neutralised some malicious programs for Windows—those that penetrated devices while they were connected to a desktop or a laptop and used them as portable storage devices to spread further. Thus, 12,755 copies of the worm Win32.HLLW.Olala were identified and removed from mobile devices in December 2013. The mobile Dr.Web virus database contains multiple entries for malware that can replicate itself to removable media. In addition, Dr.Web promptly detected and removed numerous cross-platform Trojans of the Java.SMSSend family which can work on any mobile device that supports Java.
Doctor Web's analysts will continue to monitor the statistics and inform users about the latest threats and the overall security situation.
Learn more with Dr.Web
Tell us what you think
You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.