The page may not load correctly.
October 31, 2018
In October, information security specialists discovered an Android Trojan capable of executing C# scripts sent from a remote server, as well as downloading and launching malicious modules. More malicious applications were also detected on Google Play this month.
Doctor Web specialists have detected applications with the built-in downloader Trojan Android.DownLoader.818.origin distributed as a VPN client on Google Play. The malware downloaded and tried to install an adware Trojan to mobile devices. Later, malware analysts uncovered other modifications of this downloader, dubbed Android.DownLoader.819.origin and Android.DownLoader.828.origin. The fraudsters disguised them as games.
The Trojans' unique features are as follows:
At the beginning of the month, Doctor Web experts detected the Trojan Android.FakeApp.125 on Google Play. It was distributed as a program allegedly paying money for answering simple questions. In reality, Android.FakeApp.125 was loading and displaying fraudulent websites upon the signal of the managing server.
Later, security researchers detected the Trojan Android.Click.245.origin, disguised by cybercriminals as the Clover game, popular in VKontakte. Like Android.FakeApp.125, Android.Click.245.origin loaded fraudulent websites and displayed them to users.
In late October, Doctor Web analysts investigated the malware Android.RemoteCode.192.origin and Android.RemoteCode.193.origin. They were hiding in 18 seemingly harmless programs—barcode scanners, navigation software, file download managers, and various games, installed on at least 1,600,000 Android mobile devices. The Trojans could display advertisements, download and launch malicious modules, as well as open YouTube videos, increasing their popularity.
Aside from that, the Dr.Web virus database was updated with entries to detect new malware Android.DownLoader.3897, Android.DownLoader.826.origin and Android.BankBot.484.origin. They downloaded and tried to install banking Trojans on mobile devices.
Among the mobile malware detected in October was the Android banker Android.BankBot.1781 with a modular architecture. At the command of the managing server, it could download various Trojan plug-ins, as well as download and execute C# scripts. Android.BankBot.1781 could steal bank card data, SMS messages, and other confidential information.
Cybercriminals distribute malicious programs to Android mobile devices via Google Play and fraudulent or hacked websites. To protect smartphones and tablets, it is recommended that users install Dr.Web anti-virus products for Android.