January 2018 mobile malware review from Doctor Web
January 31, 2018
In January 2018, Doctor Web virus analysts found approximately three dozen games containing a Trojan on Google Play. The Trojan covertly downloaded and launched modules that performed various malicious actions. In addition, over the past month, owners of smartphones and tablets were threatened by yet another Android banker designed to steal confidential information and money. Also in January, the Dr.Web virus database was updated with entries for detecting several spyware programs. Among the malicious programs distributed was a new miner Trojan that used the computing power of infected mobile devices to mine the Monero cryptocurrency.
PRINCIPAL TRENDS IN JANUARY
- The detection of numerous games with an embedded Trojan on Google Play
- The spreading of malicious programs that spied on mobile device owners
- The detection of a new Android banker that stole money from users
- The spreading of a new mining Trojan
Mobile threat of the month
In January, Doctor Web specialists detected almost 30 games on Google Play with Android.RemoteCode.127.origin embedded in them. The Trojan was part of a special framework for extending an application’s functionality. Android.RemoteCode.127.origin covertly downloaded and launched additional modules that performed various actions. For example, they loaded websites and clicked on their links and ads, simulating user actions. For more information regarding this Trojan, refer to this news article.
According to statistics collected by Dr.Web for Android
- Android.DownLoader.573.origin
  A malicious program that downloads other Trojans and also unwanted software.
- Android.HiddenAds.171.origin
- Android.HiddenAds.253
- Android.HiddenAds.222.origin
  Trojans designed to display unwanted ads on mobile devices. They are distributed under the guise of popular apps by other malicious programs, which sometimes covertly install them in the system directory.
- Android.RemoteCode.117.origin
  A Trojan that downloads and launches various program modules, including malicious ones.
- Adware.Jiubang.2
- Adware.Jiubang.1
- Adware.Allinone.1.origin
- Adware.Adviator.6.origin
- Adware.Leadbolt.12.origin
  Unwanted program modules incorporated into Android applications and designed to display obnoxious ads on mobile devices.
Banking Trojan
Over the past month, cybercriminals spread the banking Trojan Android.BankBot.250.origin, which displayed phishing input windows for login credentials and sent the entered confidential information to the cybercriminals. It could intercept SMS messages with verification codes, covertly confirm money transfers to cybercriminals’ accounts, and also perform other operations in online banking systems.
Spyware
In January, the Dr.Web virus database was updated with new entries for detecting several spyware programs. One of them was Android.Spy.422.origin, also known as Dark Caracal. Cybercriminals used this malicious program for cyber espionage. Android.Spy.422.origin stole SMS messages, tracked phone calls, stole photos, web browser history and saved bookmarks, recorded the surroundings using the built-in microphone of an infected mobile device, and performed a range of other actions. The other spyware entries were new modifications of the malicious program Android.Spy.410.origin, which had been known to Doctor Web specialists since December 2017. It tracks correspondence in popular messengers such as Telegram, WhatsApp, Skype and others. It also intercepts SMS messages and phone calls, and steals photos.
Android miner
Among the malicious programs for Android detected in January was a mining Trojan dubbed Android.CoinMine.8. Cybercriminals spread it as games and programs available for free download from a website. In reality, all of these applications were the Trojan, which used infected devices to mine the Monero cryptocurrency.
Cybercriminals still create new malicious and unwanted Android applications and spread them not only via fraudulent websites, but also via Google Play. Doctor Web recommends that mobile device owners install Dr.Web for Android to protect their mobile devices from these threats.