Doctor Web’s overview of mobile malware detected in November 2019

[%# DEFAULT FILE_REVIEW = ''; NAME_SOME_ARRAY_IN_MACROSNAME = [ { box => "Overview" }, { box => "Threat of the month" }, { box => "Statistics" }, { box => "Trojans on Google Play" } ] FILE_REVIEW = 'https://st.drweb.com/static/new-www/news/2019/DrWeb_review_mobile_november_2019.pdf' %] [% BLOCK global.tpl_blueprint.content %]

December 11, 2019

This November, Doctor Web virus analysts detected a number of new threats on Google Play. The list included new modifications to trojans of the Android.Joker family that subscribed users to premium mobile services. Cybercriminals also continued spreading the Android.HiddenAds malware family that displayed annoying ads. We also found a new version of the Android.Backdoor.735.origin backdoor, designed for cyber spying.

Mobile threat of the month

In November, Doctor Web experts detected a new modification to the Android.Backdoor.735.origin trojan, a component of the dangerous Android.Backdoor.736.origin backdoor, reported by Doctor Web in July. This malware, also known as PWNDROID1, was spreading as a utility for configuring and optimising the browser.

Android.Backdoor.735.origin executes cybercriminal commands, allowing them to control the affected Android devices, monitor their owners, as well as download and launch other malicious components.

According to statistics collected by Dr.Web for Android

Android.Backdoor.682.origin

A trojan that executes cybercriminals’ commands and helps them control infected mobile devices.

Android.DownLoader.677.origin

A downloader of other malicious software.

Android.Triada.481.origin

A multi-functional trojan that performs various malicious actions.

Android.MobiDash.4006

Trojan code that displays obnoxious advertising.

Android.RemoteCode.197.origin

A malicious application that downloads and executes arbitrary code.

• Program.FakeAntiVirus.2.origin
  Detects adware that imitates anti-virus software.
• Program.RiskMarket.1.origin
  An app store that contains trojan software and recommends that users install it.
• Program.HighScore.3.origin
  An app store that invites users to install free Google Play apps by paying for them via expensive text messages.
• Program.MonitorMinor.1.origin
• Program.MobileTool.2.origin
  Spyware that monitors activities of Android users and may serve as a tool for cyber espionage.

• Tool.SilentInstaller.6.origin
• Tool.SilentInstaller.7.origin
• Tool.SilentInstaller.11.origin
• Tool.VirtualApk.1.origin
  A riskware platform that allows applications to launch APK files without installing them.
• Tool.Rooter.3
  A utility designed to obtain root privileges on Android devices. It may be used by cybercriminals and malware.

Program modules that incorporate themselves into Android applications and display obnoxious ads on mobile devices:

• Adware.Dowgin.5.origin
• Adware.Toofan.1.origin
• Adware.BrowserAd.1
• Adware.Myteam.2.origin
• Adware.Altamob.1.origin

Trojans on Google Play

Last month, Doctor Web virus analysts detected a number of new modifications to trojans from the Android.Joker family. They were hidden in seemingly innocuous software, such as useful utilities that help configure mobile devices, games, messengers, wallpaper collections and camera apps. This malware subscribes users to premium mobile services, downloads and launches malicious modules, and can execute arbitrary code.

We also detected the new trojan adware, Android.HiddenAds. Cybercriminals were distributing it under the guise of games, camera apps, photo editors and other software.

To protect your Android device from malware and unwanted programs, we recommend you install Dr.Web for Android.

[% END %]