Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Back to news

Mobile threats in January 2014

February 4, 2014

As in the previous year, Doctor Web's security researchers continue to monitor statistics collected by Dr.Web for Android. In January 2014, 11,063,873 samples of unwanted or malignant programs were identified on mobile devices, and the anti-virus usually blocked the operation of adware.

From January 1-30, Dr.Web for Android discovered 11,063,873 malignant or unwanted programs, with about 300,000 threats exposed on a daily basis. Saturday, January 11, accounts for the maximum number of the anti-virus's positives—589,172, while the fewest number of incidents (293,078) was registered on January 1.

Adware.Revmob.1.origin was the most common unwanted application; it was detected in 1,260,374 incidents. It is closely followed by Adware.Airpush.7.origin and Adware.Airpush.21.origin (1,016,462 and 683,738 detections, respectively). Android.SmsSend.749.origin, which sends paid SMS messages to premium numbers, proved to be the most common malignant program. The top ten Trojans most frequently detected by Dr.Web Anti-virus for Android are listed below.

Threat name%
1Android.SmsSend.749.origin3,95
2Android.SmsSend.990.origin2,49
3Android.SmsSend.315.origin2,37
4Android.SmsSend.872.origin1,56
5Android.SmsSend.309.origin1,55
6Android.Subser.1.origin1,27
7Android.SmsSend.758.origin1,13
8Android.SmsSend.859.origin1,11
9Android.SmsSend.466.origin1,01
10Android.SmsBot.25.origin1,01

In terms of the total number of threats to Android detected, Moscow is the most severely "infected" city in the world. Baghdad ranks second. Third and fourth places are taken by the Saudi cities of Riyadh and Jeddah. Cities ranked according to the number of threats identified in January 2014 are shown below.

Threats to Android, by city
graph

It should be noted that 85.7% of malware programs are detected on smart phones; tablets account for only 14.3% of virus incidents.

Detected malware, by device type
graph

Users will also remember January 2014 for the appearance of the first-ever Android bootkit which was added to the Dr.Web virus database as Android.Oldboot.1. This Trojan resides in the protected memory area, so it can run in the early Android loading stage and is hard to remove completely. When launched, Android.Oldboot.1 extracts several components and puts them in the system folders, installing them as ordinary applications. The malware’s main objective is to execute various commands issued by a remote command and control server.

As of January 30, 2014, the number of mobile devices infected with Android.Oldboot.1 exceeded 850,000, which is a 240% increase over the total on 24 January when Doctor Web first warned users about the threat. It has been discovered in European countries, Southeast Asia, and North and .South America. It should be noted though that most incidents occurred in whose market has been the primary target of the criminals behind the malware.

graph

graph

Most users of Dr.Web live in Russia. Dr.Web for Android also enjoys considerable popularity among residents of Suadi Arabia, Iraq, Kazakhstan, Turkey and the Ukraine. The percentage of users who have chosen Dr.Web for Android and Dr.Web for Android Light.

Dr.Web for Android users, by country
graph

Just like last year, the vast majority of users who are installing Dr.Web for Android own Samsung-manufactured devices. Samsung GT-I9300 Galaxy S III (8.26%) was the most popular device in January 2014. Samsung GT-S7562 Galaxy S Duos (3.98%) ranked second, followed by Samsung GT-I9100 Galaxy S II (3.73%). The least common devices running Dr.Web for Android include Craig CMP741D, Hisense E920, Kyocera ISW11K, Motorola A1680 and NEC N-07D (only one device per model in the world).

Doctor Web's analysts will continue to monitor the statistics and inform users about the latest threats and the overall security situation.

Learn more with Dr.Web

Virus statistics Virus descriptions Virus monthly reviews Laboratory-live

Tell us what you think

You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.


Other comments

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2019

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040