Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Doctor Web’s June 2020 overview of malware detected on mobile devices

July 21, 2020

Last month, the number of threats detected on Android devices decreased by 17.2% compared to May. The number of malware and adware lowered by 17.6% and 19.84% respectively. With that, the number of unwanted apps increased by 2.6% and riskware by 14.52%.

Our malware analysts have discovered new threats on Google Play. New modifications of the Android.HiddenAds adware trojan family, as well as the Android.Joker, multifunctional trojan family members, capable of subscribing users to premium services and execute arbitrary code, were among them. Moreover, cybercriminals used Google Play to spread a new banking trojan, which used the Accessibility Services of the Android operating system to install the additional malicious component.

PRINCIPAL TRENDS IN JUNE

  • An increased number of threats detected on Android mobile devices
  • The appearance of new threats on Google Play

According to statistics collected by Dr.Web for Android

According to statistics collected by Dr.Web for Android #drweb

Android.HiddenAds.530.origin
A trojan designed to display obnoxious ads and distributed as popular applications. In some cases, it can be installed in the system directory by other malware.
Android.DownLoader.906.origin
A trojan that downloads other malware and unwanted software. It can be hidden inside seemingly harmless apps found on Google Play or malicious websites.
Android.RemoteCode.6122
Android.RemoteCode.256.origin
Malicious applications that download and execute arbitrary code. Depending on their modification, they can load various websites, open web links, click on advertisement banners, subscribe users to premium services and perform other actions.
Android.MobiDash.20.origin
A trojan that displays obnoxious ads. It represents a special software module that is incorporated into applications by the developers.

According to statistics collected by Dr.Web for Android #drweb

Program.FreeAndroidSpy.1.origin
Program.Mrecorder.1.origin
Program.Asgard.1.origin
Software that monitors Android user activity and may serve as a tool for cyber espionage. These apps can track device locations, collect information from SMS and social media messages, copy documents, photo and video, spy on phone calls, etc.
Program.FakeAntiVirus.2.origin
Detection name for adware programs that imitate anti-virus software. These apps inform users of non-existing threats, mislead them and demand they purchase the full version of the software.
Program.CreditSpy.2
Detection name for programs designed to assign credit ratings to users based on their personal data. These applications upload SMS, contact information from phonebooks, call history and other information to the remote server.

According to statistics collected by Dr.Web for Android #drweb

Riskware platforms that allow applications to launch APK files without installation. They create a virtual runtime environment that does not affect the main operating system.

Tool.SilentInstaller.6.origin
Tool.SilentInstaller.11.origin
Tool.SilentInstaller.13.origin
Tool.SilentInstaller.14.origin
Tool.VirtualApk.1.origin

According to statistics collected by Dr.Web for Android #drweb

Program modules incorporated into Android applications and designed to display obnoxious ads on Android devices. Depending on their family and modifications, they can display full screen ads and block other apps’ windows, show various notifications, create shortcuts and load websites.

Adware.Adpush.36.origin
Adware.Adpush.6547
Adware.Mobby.5.origin
Adware.Myteam.2.origin
Adware.Toofan.1.origin

Threats on Google Play

In June, the Dr.Web virus database was updated with new records to detect new malware from the Android.Joker trojan family, such as Android.Joker.204, Android.Joker.209, Android.Joker.217 and Android.Joker.221. The attackers hid them in messenger applications, image collections and software designed to work with documents.

According to statistics collected by Dr.Web for Android #drweb According to statistics collected by Dr.Web for Android #drweb

According to statistics collected by Dr.Web for Android #drweb According to statistics collected by Dr.Web for Android #drweb

These trojans can automatically subscribe users to premium mobile services, intercepting notifications with confirmation PIN codes, as well as download and execute arbitrary code.

Moreover, new modifications of the Android.HiddenAds adware trojan family, such as Android.HiddenAds.548.origin and Android.HiddenAds.554.origin have also been spotted on Google Play. They were spread under the guise of various games.

According to statistics collected by Dr.Web for Android #drweb According to statistics collected by Dr.Web for Android #drweb

According to statistics collected by Dr.Web for Android #drweb According to statistics collected by Dr.Web for Android #drweb

Upon their launch, trojans hid their icons from the apps list on the main screen and started to show banners over the windows of other apps, making it difficult to use the infected Android devices.

Also, our malware analysts have found a banking trojan dubbed Android.BankBot.733.origin. Its creators spread it as an app that was supposed to install system updates and provide protection for mobile devices. In reality, this malicious software covertly downloaded an additional component, which it then tried to install using the Accessibility Services.

According to statistics collected by Dr.Web for Android #drweb

To protect your Android device from malware and unwanted programs, we recommend installing Dr.Web for Android.

Dr.Web Mobile Security

Your Android needs protection.

Use Dr.Web

  • The first Russian anti-virus for Android
  • Over 140 million downloads—just from Google Play
  • Available free of charge for users of Dr.Web home products

Free download

The Russian developer of Dr.Web anti-viruses
Doctor Web has been developing anti-virus software since 1992
Dr.Web is trusted by users around the world in 200+ countries
The company has delivered an anti-virus as a service since 2007
24/7 tech support

Dr.Web © Doctor Web
2003 — 2020

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040