Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Doctor Web’s April 2020 overview of malware detected on mobile devices

May 22, 2020

In April, the number of threats detected on Android devices increased by 16.46% compared to March. The number of observed malware increased by 16.13%, unwanted applications by 28.37%, riskware by 20.83%, and adware by 17.43%.

Last month, Doctor Web specialists found several threats on Google Play. New modifications of the dangerous Android.Circle malware family trojans executing attackers’ commands were among them. Moreover, the Android.HiddenAds.2124 adware trojan and Android.Joker.164 trojan, which subscribed users to premium mobile services and could execute arbitrary code, were found as well.

PRINCIPAL TRENDS IN APRIL

  • The increased number of the threats detected on Android devices
  • The appearance of the new malware on Google Play

According to statistics collected by Dr.Web for Android

According to statistics collected by Dr.Web for Android #drweb

Android.RemoteCode.246.origin
Android.RemoteCode.256.origin
Android.RemoteCode.262.origin
Malicious applications that download and execute arbitrary code. Depending on their modification, they can load various websites, open web links, click on advertisement banners, subscribe users to premium services and perform other actions.
Android.MobiDash.4945
A trojan that displays obnoxious ads. It represents a special software module that is incorporated into the applications by the developers.
Android.Triada.491.origin
A multifunctional trojan that performs various malicious actions. This malware belongs to the family of trojans that infect other apps’ processes. Some of their modifications could be found in the firmware of Android devices, implanted by attackers during the manufacturing process.

According to statistics collected by Dr.Web for Android #drweb

Tool.SilentInstaller.6.origin
Tool.SilentInstaller.7.origin
Tool.SilentInstaller.11.origin
Tool.VirtualApk.1.origin
Riskware platforms that allow applications to launch APK files without installation. They create a virtual runtime environment that does not affect the main operating system.
Tool.Rooter.3
A utility designed to obtain root privileges on Android devices. It may be used by users, as well as cybercriminals and malware.

According to statistics collected by Dr.Web for Android #drweb

Program.FakeAntiVirus.2.origin
Detection name for adware programs that imitate anti-virus software. These apps can inform users about non-existing threats, mislead them and demand they purchase the full version of the software.
Program.FreeAndroidSpy.1.origin
Program.Mrecorder.1.origin
Software that monitors Android user activity and may serve as a tool for cyber espionage. These apps can track the devices’ location, collect information from SMS, social media messages, copy documents, photo and video, spy on phone calls, etc.
Program.CreditSpy.2
Detection name for the programs designed to assign credit ratings to users based on their personal data. These applications upload SMS, contact information from the phonebook, call history and other information to the remote server.
Program.RemoteBot.1.origin
Application that provides remote control of Android devices. It can intercept and send SMS, intercept and make phone calls, intercept notifications from the OS and other apps, track the device’s location, record surrounding area, take pictures and record videos, etc.

According to statistics collected by Dr.Web for Android #drweb

Program modules incorporated into Android applications and designed to display obnoxious ads on Android devices. Depending on their family and modifications, they can display full screen ads blocking other apps’ windows, show various notifications, create shortcuts and load websites.

Adware.Adpush.36.origin
Adware.Adpush.6547
Adware.Myteam.2.origin
Adware.Mobby.5.origin
Adware.Toofan.1.origin

Threats on Google Play

In April, Doctor Web virus analysts discovered several malicious apps on Google Play. New modifications of the Android.Circle trojan family, such as Android.Circle.1.origin, Android.Circle.8 and Android.Circle.14, were among them. They were spread as benign software such as image editing software and sport related apps. Trojans of this family execute scripts with tasks using the built-in open source library, BeanShell. Upon the attackers’ command they can display ads and perform other actions.

According to statistics collected by Dr.Web for Android #drweb According to statistics collected by Dr.Web for Android #drweb

According to statistics collected by Dr.Web for Android #drweb According to statistics collected by Dr.Web for Android #drweb

Along with these malicious apps, the Android.HiddenAds.2124 and Android.Joker.164 trojans were discovered as well. The former was built into the music application and showed obnoxious ads while the latter executed arbitrary code and could subscribe users to premium services. It was spread as picture editing software.

According to statistics collected by Dr.Web for Android #drweb According to statistics collected by Dr.Web for Android #drweb

To protect your Android device from malware and unwanted programs, we recommend installing Dr.Web for Android.

Dr.Web Mobile Security

Your Android needs protection.

Use Dr.Web

  • The first Russian anti-virus for Android
  • Over 140 million downloads—just from Google Play
  • Available free of charge for users of Dr.Web home products

Free download

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2020

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040