In August, the number of threats detected on Android devices increased by 2.21% compared to July. Herewith, the number of malware increased by 6.26%, while the number of unwanted apps decreased by 0.49%, the number of riskware apps by 13.82% and adware by 10.1%.

Doctor Web specialists have found new threats on Google Play. Various modifications of the Android.FakeApp trojan family designed to load fraudulent websites were among them. These malicious apps spread under the guise of reference software. Moreover, new member of the Android.Joker mulifunctional trojan family, which subscribed victims to premium services and had a functionality to execute arbitrary code, has also been discovered.

PRINCIPAL TRENDS IN AUGUST

An increased number of threats detected on Android mobile devices
An appearance of new threats on Google Play

According to statistics collected by Dr.Web for Android

Android.HiddenAds.530.origin: A trojan designed to display obnoxious ads and distributed as popular applications. In some cases, it can be installed in the system directory by other malware.
Android.RemoteCode.6122: Malicious application that download and execute arbitrary code. Depending on its modification, it can load various websites, open web links, click on advertisement banners, subscribe users to premium services and perform other actions.
Android.DownLoader.906.origin
Android.DownLoader.909.origin: Trojans that download other malware and unwanted software. They can be hidden inside seemingly harmless apps found on Google Play or malicious websites.
Android.Click.348.origin: A trojan that automatically loads websites and clicks on links and advertisement banners. It can be spread as a harmless apps so that users will not consider it as a threat.

Program.FreeAndroidSpy.1.origin
Program.AndrMonitor.7.origin
Program.MSpy.14.origin: Software that monitors Android user activity and may serve as a tool for cyber espionage. These apps can track device locations, collect information from SMS and social media messages, copy documents, photo and video, spy on phone calls, etc.
Program.FakeAntiVirus.2.origin: Detection name for adware programs that imitate anti-virus software. These apps inform users of non-existing threats, mislead them and demand they purchase the full version of the software.
Program.CreditSpy.2: Detection name for programs designed to assign credit ratings to users based on their personal data. These applications upload SMS, contact information from phonebooks, call history and other information to the remote server.

Tool.SilentInstaller.6.origin
Tool.SilentInstaller.11.origin
Tool.SilentInstaller.13.origin
Tool.SilentInstaller.14.origin: Riskware platforms that allow applications to launch APK files without installation. They create a virtual runtime environment that does not affect the main operating system.
Tool.Packer.1.origin: A packer tool designed to protect Android applications from their unauthorised modification and reverse engineering. This tool is not malicious on itself, but it can be used to protect both harmless and malicious software.

Program modules incorporated into Android applications and designed to display obnoxious ads on Android devices. Depending on their family and modifications, they can display full screen ads and block other apps’ windows, show various notifications, create shortcuts and load websites.

Adware.Adpush.36.origin
Adware.Adpush.6547
Adware.Myteam.2.origin
Adware.Mobby.5.origin
Adware.Toofan.1.origin

Threats on Google Play

In August, Doctor Web’s malware analysts have discovered several new malicious apps from the Android.FakeApp family. Dubbed Android.FakeApp.199, Android.FakeApp.200, Android.FakeApp.202 and Android.FakeApp.203, these trojans spread as a reference software and handbooks with the information about social payouts and tax refunds.

Upon their launch, the trojans load fraudulent websites of an inexistent organization “Unified Compensation Center for the VAT refund” where potential victims are asked to provide their personal information, allegedly to check the availability of the VAT refund or a social payout. After the information is provided, the website imitates the database search and falsely reports about successful validation and availability of the payout.

Next, the chat bot built into the fraudulent website imitates the conversation with the specialist. It offers the victim to fill the form with the additional personal information, as well as to pay the “fee” for the paperwork and money transfer.

As a result, deceived users not only give the scammers their personal and confidential information, but also transfer them the money and receive nothing in return.

Another threat found on Google Play was a member of the dangerous Android.Joker trojan family, dubbed Android.Joker.304. It was spread under the guise of the translation application. Similar to other trojans of this family, Android.Joker.304 could subscribe users to premium services, as well as to load and execute arbitrary code.

To protect your Android device from malware and unwanted programs, we recommend installing Dr.Web for Android.

Your Android needs protection.

Use Dr.Web

The first Russian anti-virus for Android
Over 140 million downloads—just from Google Play
Available free of charge for users of Dr.Web home products

Free download