The page may not load correctly.
June 22, 2021
According to detection statistics collected by Dr.Web anti-virus products for Android, in May, adware trojans and malware capable of downloading other applications and executing arbitrary code were among the most common threats found on the protected devices.
Over the course of the month, Doctor Web’s specialists uncovered many new threats on Google Play. Trojans subscribing users to premium mobile services and malicious apps loading fraudulent sites were among them.
Program modules incorporated into Android applications and designed to display obnoxious ads on Android devices. Depending on their family and modifications, they can display full screen ads and block other apps’ windows, show various notifications, create shortcuts and load websites.
In May, Doctor Web’s specialists unveiled many new malicious apps on Google Play. Various trojans from the Android.FakeApp family were among them. The majority of these trojans were spread under the guise of software that allegedly allowed users to find information about payments, allowances and compensations from the government and apply for them. Others were distributed as official apps of the «Русское лото» (Russian Lotto) lottery, in which potential victims were offered free lottery tickets and invited to check other tickets for winnings.
None of these fake apps provided the advertised functionality that Android users were expecting to have. The trojans only loaded fraudulent sites that malicious actors used to steal money and personal information from their victims. At the same time, some of these malicious apps also displayed intrusive and annoying notifications, which also led to the scammers’ websites. These trojans were added to the Dr.Web virus base as Android.FakeApp.262, Android.FakeApp.263, Android.FakeApp.264, Android.FakeApp.265, Android.FakeApp.266, Android.FakeApp.269, Android.FakeApp.270, Android.FakeApp.271, Android.FakeApp.272, and Android.FakeApp.273.
Examples of the trojans' appearance:
Examples of notifications these trojans can display:
Our malware analysts also discovered new trojans from the Android.Joker family, capable of executing arbitrary code and subscribing victims to paid mobile services. These malicious programs were spread as SMS messaging apps, a translator, live wallpaper and photo editing software. They were added to the Dr.Web virus database as Android.Joker.722, Android.Joker.723, Android.Joker.729, Android.Joker.730, Android.Joker.739, Android.Joker.742, and Android.Joker.744.
To protect your Android device from malware and unwanted programs, we recommend installing Dr.Web for Android.
© Doctor Web
2003 — 2023
Doctor Web is a cybersecurity company focused on threat detection, prevention and response technologies