My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


May 2017 mobile malware review from Doctor Web

May 31, 2017

Doctor Web presents its May 2017 overview of malware for mobile devices. In the past month, several new Trojans for Android were detected on Google Play. One of them downloaded applications from the Web and stole confidential information. Another downloaded and launched additional program modules and displayed annoying advertisements. Also in May, cybercriminals distributed a banking Trojan that stole money from user accounts.

Principal Trends in May

  • The detection of Trojans on Google Play
  • The distribution of a banking Trojan for Android

Mobile threat of the month

In early May, Android.RemoteCode.28 was detected on Google Play. It was embedded in an audio player. It downloaded other applications from the Internet and shared with the command and control server information about the infected device and data on the installed software.

screenshot #drweb

Features of Android.RemoteCode.28:

screenshot #drweb screenshot #drweb

According to statistics collected by Dr.Web for Android

According to statistics collected by Dr.Web for Android #drweb

Trojans designed to display unwanted ads on mobile devices. They are distributed under the guise of popular apps by other malicious programs that, in some instances, covertly install them in the system directory.
  • Android.Sprovider.9
A Trojan for Android that is designed to display advertisements in the status bar and download and install other applications including malicious ones.
A multi-component Trojan that performs different malicious functions.

According to statistics collected by Dr.Web for Android #drweb

Unwanted program modules that are incorporated into Android applications and are designed to display annoying ads on mobile devices.

Trojan on Google Play

In mid-May, applications with the Trojan Android.Spy.308.origin embedded in them were detected on Google Play. In particular, they were being distributed by the developer Sumifi Dev. This is not the first time a malicious program has infiltrated the official software catalog for Android. Doctor Web described one such incident in July 2016. After detecting Android.Spy.308.origin, the developer updated the infected applications and deleted the Trojan component. They now pose no threat.

screen #drweb

Android.Spy.308.origin displays annoying advertisements and stealthily downloads and runs additional program modules. In addition, the Trojan steals confidential information and sends it to the command and control server.

Banking Trojans

In May, cybercriminals employed MMS messages to distribute banking Trojans such as Android.BankBot.186.origin. Users received SMS messages containing a link leading to a scam webpage. From there, a malicious APK file was downloaded to mobile devices.

screen #drweb screen #drweb

Android.BankBot.186.origin prompts the user to grant it administrative privileges in order to hinder its removal from the system. It also tries to take the place of the standard application for handling SMS. This is required in order to bypass the security system of new Android versions and to be able to send and intercept messages. After that, the Trojan checks bank account balances and covertly transfers money to cybercriminals.

screen #drweb screen #drweb screen #drweb

Malicious programs for mobile Android devices still pose a threat. The Trojans can be spread via malicious websites as well as via the official application catalog Google Play. Doctor Web recommends that owners of smartphones and tablets install Dr.Web for Android to protect them from dangerous and unwanted software.

Protect your Android device with Dr.Web now

Buy online Buy on Google Play Free download