August 5, 2019
Last month Doctor Web reported on the dangerous Android.Backdoor.736.origin trojan, which executed malicious commands, stole confidential data and displayed fraudulent windows and messages. In July, malware analysts discovered many new adware trojans of the Android.HiddenAds family on Google Play. The Dr.Web virus database has also been updated to detect the unwanted adware Adware.HiddenAds.9.origin, as well as the spyware trojans Android.Spy.567.origin and Android.Spy.568.origin.
In mid-July, Doctor Web virus analysts investigated the Android.Backdoor.736.origin trojan, which spread under the guise of OpenGL Plugin software. The app allegedly checked the version of the OpenGL ES interface and installed its updates.
This backdoor spied on users, sending information about their contacts, phone calls, and device location to the attackers. It also uploaded files from devices to a remote server, and downloaded and installed software. Features of Android.Backdoor.736.origin:
Program modules that incorporate themselves into Android applications and display obnoxious ads on mobile devices:
A riskware platform that allows applications to launch APK files without installing them:
Since the beginning of July, Doctor Web malware analysts have detected many new adware trojans of the Android.HiddenAds family on Google Play, installed by over 8.2 million users. These trojans spread under the guise of harmless games and useful applications, such as camera filters, system utilities, alarm clocks, etc. After launching, the trojans hid their icons from the software list on the main screen and started displaying banners that interfered with device operation.
In addition, a new unwanted advertising module named Adware.HiddenAds.9.origin was uncovered. It was embedded into compass software and a collection of wallpapers for the desktop. It displayed ads even when these applications were closed.
Last month, the Dr.Web virus database was also updated to detect the spyware trojans Android.Spy.567.origin and Android.Spy.568.origin. The first one transferred data from text messages, phone calls, calendar, and phone book entries to a remote server, as well as information about files stored on the device.
The second one displayed a fraudulent message, prompting a potential victim to update a Google Play component. If the user agreed, the trojan displayed a phishing window that simulated a Google account login page.
The virus writers made a spelling mistake in the phrase “Sign in”, which could give the fake away. If the victim did not notice this and logged into the account, Android.Spy.568.origin stole the data of the current session, and the attackers gained access to confidential information, such as calendar entries, verification codes, and the phone numbers and email addresses used to restore access to the account.
To protect your Android device from malware and unwanted programs, we recommend you install Dr.Web for Android.