Doctor Web’s overview of malware detected on mobile devices in December 2019

[% DEFAULT FILE_REVIEW = ''; NAME_SOME_ARRAY_IN_MACROSNAME = [ { box => "Overview" }, { box => "Threat of the month" }, { box => "Statistics" }, { box => "Trojans on Google Play" } ] #FILE_REVIEW = 'https://st.drweb.com/static/new-www/news/2020/DrWeb_review_mobile_december_2019.pdf' %] [% BLOCK global.tpl_blueprint.content %]

January 29, 2020

In December, trojan downloaders and malware that downloads and executes arbitrary code were the most commonly detected threats on Android devices. Among them were the Android.RemoteCode and Android.DownLoader families of trojans. The activity of the former increased by 28%, while the latter was 17% less active compared with November. Doctor Web specialists also detected trojans from the Android.Joker family on Google Play for the first time. These trojans subscribed users to expensive services and were also able to execute malicious code on command.

Mobile threat of the month

In the last month of 2019, Doctor Web specialists uncovered the new Android.Joker family of trojans on Google Play. This malware subscribed users to expensive services and was able to download and execute arbitrary code, as well as download additional malicious modules. As before, the writers of the malicious applications disguised them as harmless software, such as camera apps, image editors, instant messengers, useful utilities, etc.

According to statistics collected by Dr.Web for Android

Android.DownLoader.677.origin

Android.DownLoader.909.origin

Trojans that download other malware and unwanted software.

Android.RemoteCode.246.origin

A malicious application that downloads and executes arbitrary code.

Android.Backdoor.682.origin

A trojan that executes cybercriminals’ commands and helps them control infected mobile devices.

Android.Triada.481.origin

A multi-functional trojan that performs various malicious actions.

Android.Proxy.12.origin

Malware that redirects cybercriminal traffic via infected Android devices.

Program.FakeAntiVirus.2.origin

Detects adware that imitates anti-virus software.

Program.FreeAndroidSpy.1.origin

Program.MonitorMinor.1.origin

Program.MobileTool.2.origin

Spyware that monitors activities of Android users and may serve as a tool for cyber espionage.

Program.RiskMarket.1.origin

An app store that contains trojan software and recommends that users install it.

Tool.SilentInstaller.6.origin

Tool.SilentInstaller.7.origin

Tool.SilentInstaller.11.origin

Tool.VirtualApk.1.origin

A riskware platform that allows applications to launch APK files without installing them.

Tool.Rooter.3

A utility designed to obtain root privileges on Android devices. It may be used by cybercriminals and malware.

Program modules that incorporate themselves into Android applications and display obnoxious ads on mobile devices:

Adware.Toofan.1.origin

Adware.Myteam.2.origin

Adware.Adpush.6547

Adware.Dowgin.5.origin

Adware.Zeus.1

To protect your Android device from malware and unwanted programs, we recommend you install Dr.Web for Android.

[% END %]