My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


March 2015 Android malware overview

April 2, 2015


  • SMS Trojans
  • Backdoors
  • Growing number of encryption ransomware programs
  • New malicious programs that generate illicit profits

The number of entries for malicious and unwanted software in the Dr.Web for Android virus database

February 2015March 2015Movement

Mobile threat of the month

In the past month Doctor Web security researchers discovered the dangerous multi-purpose program Android.Titan.1 which covertly sends SMS, makes calls, and collects all sorts of confidential information. This threat’s distribution and features:


However, the malware is detected and neutralised by Dr.Web anti-viruses for Android. More information about this malware can be found in the corresponding publication on Doctor Web's site.

SMS Trojans

SMS Trojans remain among the most active malicious programs for Android. Android.Bodkel programs were the ones most commonly detected in March. Some of these programs were spread in Russia via a social networking site where criminals started communities for those using illegal copies of commercial software for Android. The criminals also lured potential victims to a number of dubious sites with free offers to download such programs.



Once one of these malicious programs was installed on a device, it would covertly send premium short messages, bypass CAPTCHA verification to subscribe the user to chargeable services, and perform a wide range of other malicious tasks on command. Some of the Android.Bodkel Trojans used in this attack:

The number of entries for SMS Trojans for Android.Bodkel in the Dr.Web virus database:

February 2015March 2015Growth

Also last month, virus writers continued to design and distribute Android.SmsSend programs. Android.SmsSend virus definitions in the Dr.Web virus database:

February 2015March 2015Movement

Banking Trojans

The past month also saw incidents involving criminals spreading various banking Trojans for Android. In particular, such malicious applications were once again engaged in attacks in South Korea where criminals reprised their technique of using SMS spam messages containing a link to get users to download the malware, but the number of such spam campaigns in March decreased significantly compared with previous months and included fewer than 20 incidents. Virus makers used the following malicious program in their attacks on customers of banks in South Korea:



The banking Trojan steals the authentication information used by the clients of some South Korean financial organisations. Once a popular online banking application is launched, the malware replaces its interface with a fake one that prompts the user to enter all the confidential information necessary to control their bank account. The divulged data is forwarded to criminals. Under the pretext of subscribing the user to a banking service, it attempts to install the malicious program Android.Banker.32.origin.


This Trojan is designed to distribute and install other malware, including various banking Trojans, onto Android handhelds. It is being spread primarily in South Korea.


March also experienced the discovery of new ransomware species of the Android.Locker family. These programs lock Android devices and demand a ransom to unlock them. Virus definitions for these ransomware programs in the Dr.Web virus database:

February 2015March 2015Growth

Other malicious applications


This Trojan is designed to generate illicit profits for intruders by loading sites involved in different kinds of surveys in the compromised device's browser. Threat distribution and features:

screen screen screen


A multi-purpose backdoor for Android that can perform a wide range of tasks. Distribution and features:

Protect your Android handheld with Dr.Web now

Buy online Buy via Google Play Free of charge