The page may not load correctly.
November 9, 2020
In October, the number of threats detected on Android devices increased by 12.36% compared to the previous month. According to statistics, malware increased by 9.08%, unwanted software by 6%, and riskware by 197.24%. With that, adware decreased by 1.51%.
The near triple growth in detected riskware is due to the spread of apps protected by the Tool.Obfuscapk.1 tool. This tool is used to obscure the source code of Android applications. It can be used by legitimate developers, as well as malware creators trying to prevent anti-virus programs from detecting trojans.
New threats were also found on Google Play. Doctor Web specialists have discovered numerous trojans from the Android.FakeApp family. They were spread as reference software supposedly designed to help users get the information about their tax returns and availability of various social compensations. Their real purpose is to download fraudulent websites that scammers use to steal confidential information and money from victims.
Another malware from Google Play was dubbed Android.HiddenAds.2314. This trojan is designed to display obnoxious ads and was spread under the guise of picture editing software.
Program modules incorporated into Android applications and designed to display obnoxious ads on Android devices. Depending on their family and modifications, they can display full screen ads and block other apps’ windows, show various notifications, create shortcuts and load websites.
In October, Doctor Web’s specialists discovered 17 new modifications of the Android.FakeApp trojan family, which were spread as harmless applications, namely reference software. Most of them were hidden in apps that were supposedly designed to help verify the availability of various social compensations and assist in receiving tax returns. According to Dr.Web’s classification, they were dubbed Android.FakeApp.208, Android.FakeApp.209, Android.FakeApp.210, Android.FakeApp.212, Android.FakeApp.213, Android.FakeApp.214, Android.FakeApp.215, and Android.FakeApp.216.
Another modification represented a sport-themed application and was added to the virus database as Android.FakeApp.211.
Their real and only functionality, however, was to load fraudulent websites. In total, these trojans have been downloaded over 105,000 times by the Android users.
Upon launching, these trojans load websites where a potential victim is asked to provide their personal information to “check” whether any financial reimbursements are available to them. After a reimbursement has been “found”, the user is asked for additional information and then prompted to pay a commission or fee to transfer the “refunded” money. If the user agrees, the thieves obtain the victim’s confidential data (e.g., name and surname, mobile number, email address, etc.) and their bank card information, including the CVV2 code. It goes without saying that the unfortunate victim does not receive any money.
The Android.HiddenAds.2314 trojan from the Android.HiddenAds malware family was another thread discovered on Google Play in October. It was spread as a picture editing application. Upon launch, its icon is hidden from the apps list in the main screen menu in order to make it harder for the user to locate the threat and delete it from the infected device. Next, it begins displaying obnoxious ads on top of the interface of other software and the system UI. This makes it more difficult to use the device.
We recommend users install Dr.Web anti-virus products for Android to protect their devices from malicious and unwanted programs.
© Doctor Web
2003 — 2022
Doctor Web is a cybersecurity company focused on threat detection, prevention and response technologies
Doctor Web in social networksLink accounts