February 28, 2017
The shortest month of 2017 turned out to be a relatively quiet month in terms of mobile information security. In February, Doctor Web specialists examined a Trojan that was spread via Google Play. This malicious program covertly opened websites and could independently tap on advertisements, simulating user actions. As a result, cybercriminals were remunerated for the Trojan’s activities by advertisers and affiliate programs that pay for click-throughs.
Principal trend in February
- The emergence of an Android Trojan on Google Play that covertly loads advertising websites and taps on advertisements and links.
Mobile threat of the month
In February, Android.Click.132.origin was detected on Google Play. It was spread as an optimizing program. This malware loaded advertising websites in background mode and automatically tapped on advertisements and links, bringing profits to cybercriminals.
Android.Click.132.origin has the following characteristics:
- it is distributed under the guise of benign programs;
- it covertly loads websites and taps on advertisements and links;
- it can delete its shortcut from the home screen of the operating system in order to hide its presence on a device;
- it prompts users to grant it administrator privileges on their mobile devices in order to make its removal difficult;
- it appears in the system list of installed programs under the name android.
According to statistics collected by Dr.Web for Android
- Android.Triada.197.origin
A multi-component Trojan that performs different malicious functions. - Android.HiddenAds.68.origin
A Trojan designed to display unwanted ads on mobile devices. - Android.Mobifun.7
A Trojan designed to download other Android applications. - Android.DownLoader.337.origin
A Trojan designed to download other malware. - Android.Loki.34
A malicious program designed to download other Trojans.
- Adware.Jiubang.1
- Adware.Adpush.7
- Adware.Airpush.31.origin
- Adware.Leadbolt.12.origin
- Adware.Patacore.2
- Unwanted program modules that are incorporated into Android applications and are designed to display annoying ads on mobile devices.
Android Trojans are still infiltrating Google Play; thus, users should be careful when downloading unfamiliar applications. Doctor Web recommends that device owners install Dr.Web for Android to protect their smartphones and tablets from malicious software.
