The page may not load correctly.
April, 18 2022
In March, the activity of the Android.Spy.4498 trojan that steals information from other apps’ notifications has slightly decreased. However, this malware remains the most widespread Android threat. According to the Dr.Web anti-virus products for Android detection statistics, its share was 46.98% of the total number of threats detected on protected devices. Adware trojans also remain a relevant threat with Android.HiddenAds family being one of the most notable among them.
In mid-March, Doctor Web reported on the discovery of malicious apps designed to steal cryptocurrencies from Android and iOS-based device users. In addition, new trojans have been uncovered on Google Play throughout the month.
In March, Doctor Web notified users about the discovery of the CoinSteal trojans. These are targeting both Android and iOS-powered device owners and designed to steal their cryptocurrencies. The malicious actors behind the trojans have modified some versions of popular cryptowallet software, including MetaMask, imToken, Bitpie, TokenPocket, and others. They then spread malicious modifications as genuine and harmless versions.
Below are the examples of the original MetaMask application and its malicious variant operation:
Unbeknownst to users, the trojans stole secret seed phrases provided by victims and sent them to a remote server. The seed phrases are used to access cryptocurrencies stored in the cryptowallets. Our specialists discovered dozens of such trojans. Read more about this threat in our news report.
Program modules incorporated into Android applications. These are designed to display obnoxious ads on Android devices. Depending on their family and modifications, they can display full-screen ads and block other apps’ windows, show various notifications, create shortcuts, and load websites.
In March, Doctor Web’s malware analysts discovered yet another fake apps from the Android.FakeApp family on Google Play. They were targeting Russian users and distributed under the guise of software designed to search the information about monetary compensations and allegedly could help receiving government payouts. But the trojans only loaded fraudulent websites to deceive potential victims and help scammers to steal their personal information and money. The malicious apps were added to the Dr.Web virus base as Android.FakeApp.907 (“Компенсация НДС”), Android.FakeApp.908 (“Возврат НДС на карту”), and Android.FakeApp.909 (“Поиск начислений 2022”).
In addition, our specialists revealed the Android.PWS.Facebook.134 trojan targeting Facebook users. This malware was hiding in the Photo PIP and Collager Photo Maker image editing software and stole the data necessary to access users’ Facebook accounts.
To protect your Android device from malware and unwanted programs, we recommend installing Dr.Web anti-virus for Android.
© Doctor Web
2003 — 2022
Doctor Web is a cybersecurity company focused on threat detection, prevention and response technologies