Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

February 2018 mobile malware review from Doctor Web

February 28, 2018

In February, Doctor Web security researchers detected a miner Trojan that infects different Android devices with the debugging mode enabled. Additionally, in the past month, a Trojan Android.BankBot.336.origin posed a threat to users. This Trojan steals confidential information and money from bank accounts.

PRINCIPAL TRENDS IN FEBRUARY

  • Distribution of a miner Trojan that infects some Android devices
  • Distribution of a new banking Trojan

Mobile threat of the month

In February, a Trojan Android.CoinMine.15 became widespread. Cybercriminals used the Trojan to mine the Monero cryptocurrency. This malware is designed as a worm and can infect Android smartphones, tablets, TVs, routers, and media players connected to the network. The infection is possible only when the devices have the Android Device Bridge debugging mode enabled (ADB). In cases of successful infection, one of the Trojan’s components tries to detect the next device and install the Trojan’s copy on it.

According to statistics collected by Dr.Web for Android

According to statistics collected by Dr.Web for Android #drweb

Android.RemoteCode.121.origin
Android.RemoteCode.117.origin
Trojans that download and launch various program modules, including malicious ones.
Android.HiddenAds.253
Android.HiddenAds.222.origin
Adware Trojans spread under the guise of benign software by other malicious programs that, in some instances, covertly install the Trojans in the system directory.
Android.Mobifun.4
A Trojan that downloads other malware applications.

According to statistics collected by Dr.Web for Android #drweb

Adware.Adpush.601
Adware.Jiubang.2
Adware.Jiubang.1
Adware.Leadbolt.12.origin
Unwanted program modules incorporated into Android applications and designed to display obnoxious ads on mobile devices.
Tool.SilentInstaller.1.origin
Riskware designed to silently launch application without the users’s intervention.

Banking Trojan

Over the past month, a Trojan Android.BankBot.336.origin was detected on Google Play. Cybercriminals distributed it as a universal application designed to work with various Internet banking systems. This malicious program steals logins and passwords from user accounts, as well as information about bank cards. After these actions, the Trojan covertly transfers funds from user bank accounts to cybercriminals.

Virus makers continue to refine their malicious programs for Android and distribute them via known and innovative methods. That said, various Trojans can still be found on Google Play. To protect smartphones, tablets, and other devices from such threats we recommend that you install Dr.Web anti-virus products for Android.

Your Android needs protection
Use Dr.Web

Free download

  • The first Russian Anti-virus for Android
  • More than 135 million downloads on Google Play alone
  • Free for users of Dr.Web home products

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2019

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040