November 30, 2017
In November, a multitude of new malicious applications were detected on Google Play.
In early November, security specialists detected a Trojan-Miner that exploited mobile device computing power to mine cryptocurrency. Later, specialists found SMS Trojans that subscribed users to chargeable services. In mid-November, Doctor Web specialists detected a malicious program that downloaded additional Trojan modules. These modules loaded websites and tapped on advertisements and links. In addition, a Trojan was distributed via Google Play. It was designed to download different applications. Furthermore, Android bankers were detected on Google Play. These were designed to steal private user information and money from user bank accounts.
In November, Doctor Web security specialists found nine Google Play applications containing the Trojan Android.RemoteCode.106.origin. In total, these applications have been downloaded at least 2,370,000 times. Once launched, Android.RemoteCode.106.origin downloads and launches additional malicious modules. They are used to automatically load websites specified by a control server and tap advertisements and links on browsed web pages. For more details about Android.RemoteCode.106.origin, please refer to the article on our website.
In early November, the Trojan Android.CoinMine.3 was detected on Google Play. It used the computing power of Android mobile devices to mine the Monero cryptocurrency. This malware was hidden in an application called XCOOEEP, which is designed to access the Club Cooee online chat.
In a WebView window that is invisible to the user, Android.CoinMine.3 loaded a website containing a mining script that runs automatically. The intensive mining process could cause infected mobile devices to experience decreased performance and overheat, and their batteries to drain faster.
Several SMS Trojans distributed via Google Play were among the malicious applications found in the past month. They were embedded into the Secret Notepad, Delicate Keyblard and Super Emotion applications and detected by Dr.Web as Android.SmsSend.23371, Android.SmsSend.23373 and Android.SmsSend.23374. These malicious programs tried to send expensive messages and subscribe user numbers to unwanted services.
In November, new versions of the Android.DownLoader.658.origin Trojan were found on Google Play. When ordered by cybercriminals, it offered mobile users different applications for download and installation. It could also independently download software. Features of Android.DownLoader.658.origin:
In the past month, the Trojan Android.Banker.202.origin was detected on Google Play. It was hidden in benign applications. Once launched, it extracted several malicious components from its resource folder and launched the malicious program Android.Banker.1426. This Trojan, in turn, downloaded an Android banker of the Android.BankBot family from the control server. This malware was designed to steal logins, credentials and other confidential information.
A similar scheme was used in a number of Android.Banker family Trojans that were also detected on Google Play in November. They extracted and launched a hidden malicious component that would also extract resources from its file and run another Trojan component. The latter, in turn, downloaded one of the banking Trojans from a remote location and tried to install it.
The detection of a large number of malicious applications on Google Play indicates that cybercriminals are still finding new ways to bypass its defense mechanisms. Doctor Web recommends that smartphone and tablet owners install Dr.Web for Android to protect their mobile devices from Trojans and other unwanted programs.