According to October statistics collected by Dr.Web for Android antivirus products, adware trojans and malware that download other software and execute arbitrary code remain among most common threats for users.

Last month, our specialists discovered more malware spread on Google Play. Among those were trojans that subscribe victims to premium services, malware that steals Facebook accounts’ logins and passwords, and trojans that use Android devices as proxy servers.

PRINCIPAL TRENDS IN OCTOBER

The activity of adware trojans and malware that download other software
The emergence of new malware on Google Play

According to statistics collected by Dr.Web for Android

Android.MobiDash.6244: A trojan designed to display obnoxious ads, distributed as popular applications. In some cases, it can be installed in the system directory by other malware.
Android.HiddenAds.1994
Android.HiddenAds.615.origin: Trojans designed to display obnoxious ads. Trojans of this family are often distributed as harmless applications and, in some cases, are installed in the system directory by other malware.
Android.Triada.4567
Android.Triada.510.origin: A multifunctional trojans performing various malicious actions. This malware belongs to the trojan family that infects other app processes. Some modifications of this family were found in the firmware of Android devices, which attackers implanted during manufacturing. Some of them can also exploit various vulnerabilities to gain access to protected system files and folders.

Program.FakeAntiVirus.1: The detection name for adware programs that imitate anti-virus software. These apps inform users of non-existing threats, mislead them, and demand they purchase the full version of the software.
Program.SecretVideoRecorder.1.origin: An application designed to record videos and take photos in the background using built-in cameras of Android devices. It can operate covertly, allowing to disable notifications about ongoing recordings, as well as to replace the app’s icon and name with the fake ones. Such functionality makes this software potentially dangerous.
Program.FreeAndroidSpy.1.origin
Program.Gemius.1.origin: Applications that spy on Android users and can be used for cyber espionage. Depending on their modification and version, they can control the location of the device, collect information on calls, SMS, and social media chats, gain access to a phone book and user contact list, record the surroundings, and can also copy multimedia and other files, such as photos, videos, documents, etc.
Program.KeyStroke.3: An Android application capable of intercepting keystrokes. Some modifications of this software can also track incoming SMS, control calls history, and record phone calls.

Tool.SilentInstaller.14.origin
Tool.SilentInstaller.6.origin
Tool.SilentInstaller.13.origin
Tool.SilentInstaller.7.origin: Riskware platforms that allow applications to launch APK files without installation. They create a virtual runtime environment that does not affect the main operating system.
Tool.Packer.1.origin: A packer tool designed to protect Android applications from their unauthorized modification and reverse engineering. This tool is not malicious by itself, but it can be used to protect both harmless and malicious software.

Program modules incorporated into Android applications and designed to display obnoxious ads on Android devices. Depending on their family and modifications, they can display full-screen ads and block other apps’ windows, show various notifications, create shortcuts, and load websites.

Adware.SspSdk.1.origin
Adware.AdPush.36.origin
Adware.Adpush.16510
Adware.Adpush.6547
Adware.Myteam.2.origin

Threats on Google Play

Among the threats discovered on Google Play, we found more trojans designed to steal Facebook logins and passwords. They spread as useful apps, such as photo and video editing software (like “Pix Photo Motion Edit 2021”, “Collage Maker — Mirror Effect Editor”, and “Video Maker with Music”), or VPN clients (like “Kangaroo VPN”, “S-VPN Proxy”, and “Lightning VPN”). The trojans were added to the Dr.Web virus base as Android.PWS.Facebook.38, Android.PWS.Facebook.40, Android.PWS.Facebook.41, Android.PWS.Facebook.59, Android.PWS.Facebook.64, and Android.PWS.Facebook.67.

Moreover, Doctor Web’s malware analysts discovered new modifications of dangerous Android.Joker trojans. They subscribe users to paid mobile services and download and execute arbitrary code. These were dubbed Android.Joker.1012 and Android.Joker.1017. The trojans spread as applications that notify users of incoming calls and messages, like “Color Call Flash Alert” and “Call Apply Flasher”.

Additionally, our specialists uncovered Android.Proxy.29 and Android.Proxy.41.origin malware spread as apps that tune and improve Android devices’ performance, called “Mobile Battery Saver” and “Optimizer”. In reality, these were trojans that turned infected devices into proxy servers to redirect perpetrators’ network traffic.

To protect your Android device from malware and unwanted programs, we recommend installing Dr.Web for Android.

Your Android needs protection.

Use Dr.Web

The first Russian anti-virus for Android
Over 140 million downloads—just from Google Play
Available free of charge for users of Dr.Web home products

Free download