May 2019 mobile malware review from Doctor Web
June 3, 2019
In the past month, Android devices were once again targeted by malicious programs distributed via Google Play. The list contained the Android.HiddenAds adware trojans as well as the Android.SmsSpy spyware that intercepted text messages.
PRINCIPAL TREND IN MAY
- Distribution of malicious applications on Google Play
Mobile threat of the month
The malware detected in May included spyware trojans from the Android.SmsSpy family, Android.SmsSpy.10206 and Android.SmsSpy.10263. They were distributed via Google Play under the guise of banking software.
After installation and launch, these malicious programs attempted to assign themselves as the default SMS manager, requesting permission from the user. If permission was granted, Android.SmsSpy.10206 and Android.SmsSpy.10263 began intercepting all incoming text messages and transferring them to the attacker's server.
Specific features of the malware:
- it was intended for Spanish-speaking users;
- it was based on the open source SMSdroid software with an added trojan function.
According to statistics collected by Dr.Web for Android
- Android.Backdoor.682.origin
- A trojan that executes cybercriminals’ commands and helps them control infected mobile devices.
- Android.RemoteCode.4411
- Android.RemoteCode.197.origin
- Malicious applications designed to download and execute arbitrary code.
- Android.HiddenAds.261.origin
- Android.HiddenAds.1102
- Trojans designed to display intrusive advertisements. They are distributed as popular applications by other malicious programs; which in some cases, covertly install them in the system catalog.
- Adware.Zeus.1
- Adware.Jiubang.2
- Adware.AdPush.33.origin
- Adware.Toofan.1.origin
- Unwanted program modules that embed themselves into Android applications and display obnoxious ads on mobile devices.
- Tool.VirtualApk.1.origin
- A riskware platform that allows applications to launch APK files without installing them.
Adware trojan
In early May, Doctor Web analysts discovered the Android.HiddenAds.1396 trojan on Google Play, which was distributed as an audio player.
The malicious program did allow users to listen to music, but then hid its icon after the first launch, preventing users from launching it again. Android.HiddenAds.1396 displayed obnoxious advertising banners that made it difficult to work with the infected mobile device.
New malicious and unwanted applications keep appearing on Google Play. Doctor Web recommends Android device owners to install Dr.Web for Android to protect themselves.

Your Android needs protection.
Use Dr.Web
- The first Russian anti-virus for Android
- Over 140 million downloads—just from Google Play
- Available free of charge for users of Dr.Web home products