In February, the number of threats found on Android devices dropped by 11.57% compared to January. The amount of detected malware decreased by 11.05%. Trojans downloading other malware and executing arbitrary code were among the most active.

The number of identified unwanted apps increased by 0.48%. At the same time, the number of detected adware and potentially dangerous software decreased by 11% and 2.56% respectively.

Our specialists have identified threats on Google Play. New modifications of the Android.HiddenAds adware trojan family and Android.FakeApp fraudulent app family were among them.

PRINCIPAL TRENDS IN FEBRUARY

The number of threats detected on Android devices decreased
The appearance of new threats on Google Play

According to statistics collected by Dr.Web for Android

Android.RemoteCode.246.origin
Android.RemoteCode.256.origin
Android.RemoteCode.262.origin: Malicious applications that download and execute arbitrary code.
Android.MobiDash.4945: A trojan that displays obnoxious ads.
Android.Triada.491.origin: A trojan that executes criminal commands and helps them control infected mobile devices.

Program.FakeAntiVirus.2.origin: Detects adware that imitates anti-virus software.
Program.MobileTool.2.origin
Program.Mrecorder.1.origin
Program.FreeAndroidSpy.1.origin
Program.SpyPhone.4.origin: Software that monitors Android user activity and may serve as a tool for cyber espionage.

Tool.SilentInstaller.6.origin
Tool.SilentInstaller.7.origin
Tool.SilentInstaller.11.origin
Tool.VirtualApk.1.origin: Riskware platforms that allow applications to launch APK files without installation.
Tool.Rooter.3: A utility designed to obtain root privileges on Android devices. It may be used by cybercriminals and malware.

Program modules incorporated into Android applications and designed to display obnoxious ads on Android devices:

Adware.Myteam.2.origin
Adware.Mobby.5.origin
Adware.Adpush.6547
Adware.Toofan.1.origin
Adware.Gexin.2.origin

Threats on Google Play

In February, our security specialists discovered several threats on Google Play. Trojans of the Android.HiddenAds family, dubbed Android.HiddenAds.2065, Android.HiddenAds.2066 and Android.HiddenAds.2067 were among them.

Upon launch these trojans hid their icons from the apps list on the home screen and displayed obnoxious ads. Attackers spread them as benign software such as wallpapers collections, image editors and useful system tools.

In addition, new fraudulent apps of the Android.FakeApp family have been spotted. They were added to the Dr.Web virus database as Android.FakeApp.189 and Android.FakeApp.4.origin. Cybercriminals spread them as apps designed to help users earn money online. These trojans loaded websites containing fake polls where potential victims were asked to answer a few questions. To get the “reward”, they were required to confirm their identity or pay a fee. To do so, victims were asked to provide their bank card information or transfer the requested amount to an electronic wallet. Consequently, users never received any payment, lost the transferred money and were put at risk of losing all the funds in their bank accounts.

Our specialists have identified the Android.Click.878 clicker trojan spread as a wallpaper collections app. Upon launch, it loaded various websites, including malicious and scam sites, in the Google Chrome browser. To hide from users, Android.Click.878 removed its icon from the apps list on the home screen. The trojan could then be found only on the apps list on the system menu where the clicker was presented as an application called “Settings” and equipped with the wheel icon.

To protect your Android device from malware and unwanted programs, we recommend installing Dr.Web for Android.

Your Android needs protection.

Use Dr.Web

The first Russian anti-virus for Android
Over 140 million downloads—just from Google Play
Available free of charge for users of Dr.Web home products

Free download