January 28, 2022
At the same time, more threats were found on Google Play, such as fake apps from the Android.FakeApp malware family, which are used in various fraudulent schemes. Trojans from the Android.Joker family, which subscribe users to paid mobile services, and other malware were also among the discovered threats.
Program modules incorporated into Android applications and designed to display obnoxious ads on Android devices. Depending on their family and modifications, they can display full-screen ads and block other apps’ windows, show various notifications, create shortcuts, and load websites.
New members of the Android.Joker malware family were discovered on Google Play in December 2021. These malicious apps download and run arbitrary code and subscribe users to paid mobile services. For example, the Android.Joker.1097 and Android.Joker.1126 trojans were hiding in messenger apps called Color Message and Elegant SMS. Android.Joker.1129 was spread as Speed Clean Pro, an optimization tool designed to improve the speed and functionality of the Android OS. The Android.Joker.1157 trojan was disguised as PDF Camera Scanner, an app for creating PDF documents, and Android.Joker.1160 as Blood Pressure Record, an app to help users control their blood pressure.
Our malware analysts also discovered another trojan from the Android.PWS.Facebook family. These malicious apps steal logins, passwords, and other data required to hack into Facebook accounts. The new modification of this family was spread as the Vasee Bluenee Slideshow app, designed to create slideshows and video clips. Its components were added to the Dr.Web virus base as Android.PWS.Facebook.101 and Android.PWS.Facebook.102.
We also found more fake apps that are used in various scam schemes. The attackers spread some of them as software that provided information on social support in Russia. These apps include Android.FakeApp.721 (the “Выплаты пособий населению” app) and Android.FakeApp.724 (the “ФРП РУ Выплаты” app). Through them, users could allegedly receive the corresponding payments and compensation. The trojans, however, only loaded fraudulent websites where victims had to provide their personal information and pay a “commission” or “tax” to “transfer” money to their bank account.
Trojans dubbed Android.FakeApp.722 and Android.FakeApp.723 had similar functionality. Malware creators disguised them as apps that allegedly provided free lottery tickets. These programs loaded websites where users had to pay a “commission” in order to “get” the tickets and prizes.
At the same time, the Android.FakeApp.727 and Android.FakeApp.729 trojans were spread as cryptocurrency mining software. They hid in apps called Dogecoin Mining Cloud, Litecoin Mining Cloud, Bitcoin Miner, Ethereum Mining Cloud, and BTC Mining Cloud. Users who installed them were offered the chance to earn cryptocurrency through a cloud service. To increase their mining power, they had to pay for premium plans.
These are not the first trojans of this type. For example, as early as August 2021, Doctor Web malware analysts discovered a similar malicious app called Multimine - BTC Cloud Mining. We added it to the Dr.Web virus base as Android.FakeApp.336.
To protect your Android device from malware and unwanted programs, we recommend installing Dr.Web for Android.