In the past month, Android devices were once again targeted by malicious programs distributed via Google Play. The list contained the Android.HiddenAds adware trojans as well as the Android.SmsSpy spyware that intercepted text messages.

PRINCIPAL TREND IN MAY

Distribution of malicious applications on Google Play

Mobile threat of the month

The malware detected in May included spyware trojans from the Android.SmsSpy family, Android.SmsSpy.10206 and Android.SmsSpy.10263. They were distributed via Google Play under the guise of banking software.

After installation and launch, these malicious programs attempted to assign themselves as the default SMS manager, requesting permission from the user. If permission was granted, Android.SmsSpy.10206 and Android.SmsSpy.10263 began intercepting all incoming text messages and transferring them to the attacker's server.

Specific features of the malware:

it was intended for Spanish-speaking users;
it was based on the open source SMSdroid software with an added trojan function.

According to statistics collected by Dr.Web for Android

Android.Backdoor.682.origin: A trojan that executes cybercriminals’ commands and helps them control infected mobile devices.
Android.RemoteCode.4411
Android.RemoteCode.197.origin: Malicious applications designed to download and execute arbitrary code.
Android.HiddenAds.261.origin
Android.HiddenAds.1102: Trojans designed to display intrusive advertisements. They are distributed as popular applications by other malicious programs; which in some cases, covertly install them in the system catalog.

Adware.Zeus.1
Adware.Jiubang.2
Adware.AdPush.33.origin
Adware.Toofan.1.origin: Unwanted program modules that embed themselves into Android applications and display obnoxious ads on mobile devices.
Tool.VirtualApk.1.origin: A riskware platform that allows applications to launch APK files without installing them.

Adware trojan

In early May, Doctor Web analysts discovered the Android.HiddenAds.1396 trojan on Google Play, which was distributed as an audio player.

The malicious program did allow users to listen to music, but then hid its icon after the first launch, preventing users from launching it again. Android.HiddenAds.1396 displayed obnoxious advertising banners that made it difficult to work with the infected mobile device.

New malicious and unwanted applications keep appearing on Google Play. Doctor Web recommends Android device owners to install Dr.Web for Android to protect themselves.

Your Android needs protection.

Use Dr.Web

The first Russian anti-virus for Android
Over 140 million downloads—just from Google Play
Available free of charge for users of Dr.Web home products

Free download

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040

Other Dr.Web resources

Site map

Your browser is obsolete!

News by topic

May 2019 mobile malware review from Doctor Web