The page may not load correctly.
January 31, 2018
In January 2018, Doctor Web virus analysts found approximately three dozen games containing a Trojan on Google Play. It covertly downloaded and launched malicious modules that performed various malicious actions. In addition, in the past month, owners of smartphones and tablets were under a threat of yet another Android banker designed to steal confidential information and money. Also in January, the Dr.Web virus database was updated with entries for detection of several spyware. Among the distributed malicious programs, was a new miner Trojan that used the computing power of infected mobile devices to mine the Monero cryptocurrency.
In January, Doctor Web specialists detected almost 30 games with the embedded Android.RemoteCode.127.origin on Google Play. It was part of a special framework for extending an application’s functionality. Android.RemoteCode.127.origin covertly downloaded and launched additional modules that performed various actions. For example, they loaded websites and clicked on their links and ads, simulating user actions. For more information regarding this Trojan, refer to this news article.
Over the past month, cybercriminals spread a banking Trojan Android.BankBot.250.origin that displayed phishing input windows for login credentials and sent them the input confidential information. It could intercept SMS with verification codes, covertly confirm money transfers to cybercriminals’ accounts, and also perform other operations in online banking systems.
In January, the Dr.Web virus database was updated with new entries for detecting several spyware. One of them was the Android.Spy.422.origin, also known as Dark Caracal. Cybercriminals used this malicious program for cyber espionage. Android.Spy.422.origin stole SMS messages, tracked phone calls, stole photos, web browser history and saved bookmarks, recorded the environment using a built-in microphone from an infected mobile device and performed a range of other actions. Other spyware were new modifications of a malicious program Android.Spy.410.origin, which had been known to Doctor Web specialists since December 2017. It tracks correspondence in popular messengers such as Telegram, WhatsApp, Skype and others. It also intercepts SMS messages and phone calls, and steals photos.
Among the malicious programs for Android detected in January was a mining Trojan dubbed Android.CoinMine.8. Cybercriminals spread it as games and programs available for free download from a website. Actually, all these applications were the Trojan that used infected devices to mine the Monero cryptocurrency.
Cybercriminals still create new malicious and unwanted Android applications and spread them not only via fraudulent websites, but also via Google Play. Doctor Web recommends that mobile device owners install Dr.Web for Android to protect their mobile devices from these threats.