The page may not load correctly.
July 21, 2020
Last month, the number of threats detected on Android devices decreased by 17.2% compared to May. The number of malware and adware lowered by 17.6% and 19.84% respectively. With that, the number of unwanted apps increased by 2.6% and riskware by 14.52%.
Our malware analysts have discovered new threats on Google Play. New modifications of the Android.HiddenAds adware trojan family, as well as the Android.Joker, multifunctional trojan family members, capable of subscribing users to premium services and execute arbitrary code, were among them. Moreover, cybercriminals used Google Play to spread a new banking trojan, which used the Accessibility Services of the Android operating system to install the additional malicious component.
Riskware platforms that allow applications to launch APK files without installation. They create a virtual runtime environment that does not affect the main operating system.
Program modules incorporated into Android applications and designed to display obnoxious ads on Android devices. Depending on their family and modifications, they can display full screen ads and block other apps’ windows, show various notifications, create shortcuts and load websites.
In June, the Dr.Web virus database was updated with new records to detect new malware from the Android.Joker trojan family, such as Android.Joker.204, Android.Joker.209, Android.Joker.217 and Android.Joker.221. The attackers hid them in messenger applications, image collections and software designed to work with documents.
These trojans can automatically subscribe users to premium mobile services, intercepting notifications with confirmation PIN codes, as well as download and execute arbitrary code.
Moreover, new modifications of the Android.HiddenAds adware trojan family, such as Android.HiddenAds.548.origin and Android.HiddenAds.554.origin have also been spotted on Google Play. They were spread under the guise of various games.
Upon their launch, trojans hid their icons from the apps list on the main screen and started to show banners over the windows of other apps, making it difficult to use the infected Android devices.
Also, our malware analysts have found a banking trojan dubbed Android.BankBot.733.origin. Its creators spread it as an app that was supposed to install system updates and provide protection for mobile devices. In reality, this malicious software covertly downloaded an additional component, which it then tried to install using the Accessibility Services.
To protect your Android device from malware and unwanted programs, we recommend installing Dr.Web for Android.
© Doctor Web
2003 — 2022
Doctor Web is a cybersecurity company focused on threat detection, prevention and response technologies
Doctor Web in social networksLink accounts