May 2019 mobile malware review from Doctor Web

Virus reviews | Hot news | Threats to mobile devices | All the news | Virus alerts
[% DEFAULT FILE_REVIEW = ''; NAME_SOME_ARRAY_IN_MACROSNAME = [ { box => "Overview" }, { box => "Threat of the month" }, { box => "Statistics" }, { box => "Adware trojan" } ] #FILE_REVIEW = 'https://st.drweb.com/static/new-www/news/2019/DrWeb_review_mobile_may_2019.pdf' %] [% BLOCK global.tpl_blueprint.content %]

June 3, 2019

In the past month, Android devices were once again targeted by malicious programs distributed via Google Play. The list contained the Android.HiddenAds adware trojans as well as the Android.SmsSpy spyware that intercepted text messages.

PRINCIPAL TREND IN MAY

  • Distribution of malicious applications on Google Play

Mobile threat of the month

The malware detected in May included spyware trojans from the Android.SmsSpy family, Android.SmsSpy.10206 and Android.SmsSpy.10263. They were distributed via Google Play under the guise of banking software.

Mobile threat of the month Android.SmsSpy #drweb

After installation and launch, these malicious programs attempted to assign themselves as the default SMS manager, requesting permission from the user. If permission was granted, Android.SmsSpy.10206 and Android.SmsSpy.10263 began intercepting all incoming text messages and transferring them to the attacker's server.

Specific features of the malware:

  • it was intended for Spanish-speaking users;
  • it was based on the open source SMSdroid software with an added trojan function.

According to statistics collected by Dr.Web for Android

According to statistics collected by Dr.Web for Android #drweb

Android.Backdoor.682.origin
A trojan that executes cybercriminals’ commands and helps them control infected mobile devices.
Android.RemoteCode.4411
Android.RemoteCode.197.origin
Malicious applications designed to download and execute arbitrary code.
Android.HiddenAds.261.origin
Android.HiddenAds.1102
Trojans designed to display intrusive advertisements. They are distributed as popular applications by other malicious programs; which in some cases, covertly install them in the system catalog.

According to statistics collected by Dr.Web for Android #drweb

Adware.Zeus.1
Adware.Jiubang.2
Adware.AdPush.33.origin
Adware.Toofan.1.origin
Unwanted program modules that embed themselves into Android applications and display obnoxious ads on mobile devices.
Tool.VirtualApk.1.origin
A riskware platform that allows applications to launch APK files without installing them.

Adware trojan

In early May, Doctor Web analysts discovered the Android.HiddenAds.1396 trojan on Google Play, which was distributed as an audio player.

Adware trojan Android.HiddenAds #drweb

The malicious program did allow users to listen to music, but then hid its icon after the first launch, preventing users from launching it again. Android.HiddenAds.1396 displayed obnoxious advertising banners that made it difficult to work with the infected mobile device.

Adware trojan Android.HiddenAds #drweb Adware trojan Android.HiddenAds #drweb

New malicious and unwanted applications keep appearing on Google Play. Doctor Web recommends Android device owners to install Dr.Web for Android to protect themselves.

Dr.Web Mobile Security

Your Android needs protection.

Use Dr.Web

  • The first Russian anti-virus for Android
  • Over 140 million downloads—just from Google Play
  • Available free of charge for users of Dr.Web home products

Free download

[% END %]
Latest All news