December 9, 2021
According to statistics collected by Dr.Web for Android anti-virus products, in November, Android device owners most often encountered adware trojans. Various malicious programs capable of downloading other apps and executing arbitrary code also remain among the most common threats.
Our specialists discovered new malicious apps on Google Play throughout November. Trojans from the Android.PWS.Facebook and Android.Joker families were among them. The former steals data that can be used to hack into Facebook accounts, while the latter subscribes victims to paid mobile services. Another threat was also found on AppGallery. Malicious actors used this app catalog to spread games with the Android.Cynos.7.origin trojan built into them. This trojan sends users’ mobile phone numbers and device information to a remote server.
Also, Doctor Web published a study that assessed the safety of children’s smartwatches. It revealed that such devices could contain vulnerabilities, like pre-installed trojan software.
PRINCIPAL TRENDS IN NOVEMBER
- Adware trojans remain among the most common threats for Android-based device users
- New threats discovered on Google Play
- Another threat discovered on AppGallery
Threat of the month
At the end of November, Doctor Web announced the discovery of dozens of games on AppGallery with the Android.Cynos.7.origin trojan built in. This malware collects information about users’ mobile phone numbers and their devices and sends it to the perpetrators. In addition, it displays ads. Read more on this case in our news release.
According to statistics collected by Dr.Web for Android
- Trojans designed to display obnoxious ads. Trojans of this family are often distributed as popular and harmless applications. In some cases, other malware can install them in the system directory. When these trojans infect Android devices, they typically conceal their presence from the user. For example, they “hide” their icons from the home screen menu. Android.HiddenAds.3018 is a newer version of the Android.HiddenAds.1994 trojan.
- A multifunctional trojan that performs various malicious actions. This malware belongs to the trojan family that infects other app processes. Some modifications of this family, implanted by attackers during manufacturing, can be found in the firmware of Android devices. Some of them can also exploit various vulnerabilities to gain access to protected system files and folders.
- A trojan that displays obnoxious ads. It is a special software module that developers incorporate into applications.
- The detection name for adware programs that imitate anti-virus software. These apps inform users of non-existing threats, mislead them, and demand they purchase the full version of the software.
- An application designed to record videos and take photos in the background using Android devices’ built-in cameras. It can operate covertly: notifications about ongoing recordings can be disabled, and the app’s icon and name can be replaced with fake ones. Such functionality makes this software potentially dangerous.
- Applications that spy on Android users and can be used for cyber espionage. Depending on their modification and version, they can track the device’s location, collect information on calls, SMS, and social media chats, and gain access to the phone book and user contact list. They can also record the surroundings and copy multimedia and other files, such as photos, videos, and documents.
- An Android application capable of intercepting keystrokes. Some modifications of this software can also track incoming SMS, monitor call history, and record phone calls.
- Riskware platforms that allow applications to launch APK files without installation. They create a virtual runtime environment that does not affect the main operating system.
- The detection name for applications protected by the Obfuscapk obfuscation tool. This tool is used to automatically modify and scramble Android apps’ source code to make reverse engineering more difficult. Cybercriminals use the tool to protect malicious applications from being detected by anti-virus programs.
- Program modules incorporated into Android applications and designed to display obnoxious ads on Android devices. Depending on their family and modifications, they can display full-screen ads and block other apps’ windows, show various notifications, create shortcuts, and load websites.
Threats on Google Play
Last month, Doctor Web’s malware analysts discovered new trojans from the Android.PWS.Facebook family on Google Play. These are designed to steal logins, passwords, and other data to hack Facebook accounts. They were added to the Dr.Web virus base as Android.PWS.Facebook.75, Android.PWS.Facebook.76, Android.PWS.Facebook.93, and Android.PWS.Facebook.97. The trojans spread as the “EasySnap Camera” image editing software, the “Race Master 3D Game” racing game, as well as “Touch VPN Proxy” and “Star VPN Master” VPN clients.
Moreover, our specialists uncovered other trojans from the Android.Joker family, dubbed Android.Joker.1060, Android.Joker.1061, Android.Joker.1068, and Android.Joker.1076. Malicious actors spread them under the guise of harmless apps, like the “Wallpaper Retro” image collection app, as well as various messengers, such as “Light Messages”, “Colorful Emoji Message”, and “Diverse SMS”. Upon infecting Android devices, the trojans subscribed their users to paid mobile services and could download and execute arbitrary code.
To protect your Android device from malware and unwanted programs, we recommend installing Dr.Web for Android.