The page may not load correctly.
April 3, 2019
In March, Doctor Web reported a vulnerability in the mobile app, UC Browser, which can download new modules from third-party server. Cybercriminals could use this feature to infect Android smartphones and tablets. Additionally, malware analysts shared information about the Flexnet trojan that stole money from bank cards and mobile credit accounts. During March, other malicious applications were detected on Google Play.
At the end of March, Doctor Web reported a vulnerability in the UC Browser app for Android, discovered by our malware analysts. This program downloaded additional plugins, bypassing Google Play servers and thus violating Google’s policies. Cybercriminals could interfere with the download and make the browser download and launch malicious files instead. Over 500,000,000 mobile users have been exposed to threats. See the details of this vulnerability in our virus library.
Cybercriminals continue to distribute banking trojans based on the source code of the Android.ZBot malware. One of them is the Flexnet trojan. It steals money from bank cards and can also transfer money from victims' mobile credit accounts to pay for various services. For example, it can help cybercriminals top up the balance of gaming accounts, pay for hosting services, and pay for their own mobile plans. Read more about the Flexnet banking trojan in the news article on our website.
In March, we found more malicious programs on Google Play, including the trojans Android.FakeApp.152 and Android.FakeApp.162, which loaded fraudulent websites. Those websites invite users to take polls for payment in return. To receive money, potential victims are required to make some kind of a verification payment; but in fact, users only transfer the funds to fraudsters and do not receive any reward.
In addition, our malware analysts identified more trojans of the Android.HiddenAds family, including Android.HiddenAds.1133, Android.HiddenAds.1134, Android.HiddenAds.1052, and Android.HiddenAds.379.origin. Our company already reported similar malware in February. These trojans are distributed under the guise of useful applications, such as photo and video editors, camera filters, flashlights, sports software, etc.
After installation and launch, they hide their icons and begin constantly overlaying ads over program windows and the operating system interface, making it difficult to work with the Android devices.
Users of Android devices are threatened by trojans not only distributed via malicious websites, but also via the official Google Play store. To protect smartphones and tablets, we recommend that you install Dr.Web for Android.