March 2017 mobile malware review from Doctor Web

April 3, 2017

In March, Doctor Web security researchers found a program on Google Play that displayed annoying advertisements after its installation. It created unremovable widgets, embedded banners in the lock screen and displayed ads after unlocking devices. More than 50 million users installed this program.

Mobile threat of the month

In the beginning of March, Doctor Web security researchers detected a new unwanted advertising module on Google Play. Dubbed Adware.Cootek.1.origin, it was embedded in a safe keyboard application called TouchPal.

Adware.Cootek.1.origin has the following characteristics:

• It creates widgets that can’t be deleted until the device owner clicks on them;
• When these widgets are tapped, the module displays a window with a mini-game that eventually comes to an end, and then ads are displayed to the user;
• It embeds banners in the Android lock screen;
• It displays advertising banners after unlocking a device.

More information regarding Adware.Cootek.1.origin can be found in the corresponding news article published by Doctor Web.

According to statistics collected by Dr.Web for Android

• Android.HiddenAds.68.origin
• Android.HiddenAds.76.origin
• Android.HiddenAds.83.origin

Trojans designed to display unwanted ads on mobile devices. They are distributed under the guise of popular apps by other malicious programs that in some instances covertly install them in the system directory.

Android.Triada.197.origin

A Trojan that performs different malicious functions.

Android.Mobifun.7

A Trojan designed to download other Android applications.

• Adware.Jiubang.1
• Adware.Airpush.31.origin
• Adware.Appsad.3.origin
• Adware.Leadbolt.12.origin
• Adware.Patacore.2

Unwanted program modules that are incorporated into Android applications and are designed to display annoying ads on mobile devices.

Among the programs distributed via Google Play, there are both malicious and unwanted applications. Doctor Web recommends that device owners install Dr.Web for Android to protect their smartphones and tablets from such software.