June 14, 2022
In May, the activity of the Android.Spy.4498 trojan, which steals information from other apps’ notifications, decreased by 13.48%. However, this malware is still the most widespread Android threat. Android.HiddenAds adware trojans are also among the most often detected threats on user devices. Their activity increased by 13.57% compared to April.
Over the month, Doctor Web’s virus laboratory tracked new malware being spread through the Google Play app catalog. Among them were Android.Subscription trojans that subscribe victims to paid mobile services, fraudulent Android.FakeApp apps, Android.HiddenAds adware trojans, and Android.PWS.Facebook password-stealing malware targeting Facebook users.
Program modules incorporated into Android applications. These are designed to display obnoxious ads on Android devices. Depending on their family and modifications, they can display full-screen ads and block other apps’ windows, show various notifications, create shortcuts, and load websites.
The former was an image-collection app called “Wild & Exotic Animal Wallpaper”. It tried to hide from the user, replacing the app’s icon with a less noticeable one, while also changing its name to “SIM Tool Kit”. Moreover, this software requested permission from the user to add it to the battery-saving feature exceptions list. This would allow the trojan to display ads even when the device owner did not use this app for a long time.
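The two behaviours described for this app (a launcher entry that shows a different name or icon, and a request for a battery-saving exemption) can be checked statically when triaging a suspicious APK. The following is an added example, not Doctor Web's detection logic: it assumes the manifest has already been decoded to text (for instance with apktool) and that the icon and name swap is done through an `activity-alias`, which the report does not state; the sample manifest and the `triage_manifest` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
BATTERY_PERM = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
LAUNCHER = "android.intent.category.LAUNCHER"

# Constructed sample: decoded manifest (apktool-style) of a hypothetical app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="Animal Wallpapers" android:icon="@mipmap/ic_main">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity-alias android:name=".Alias" android:targetActivity=".MainActivity"
        android:enabled="false" android:label="SIM Tool Kit" android:icon="@mipmap/ic_sim">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity-alias>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return findings for a decoded AndroidManifest.xml given as a string."""
    root = ET.fromstring(xml_text)
    findings = []
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    if BATTERY_PERM in perms:
        findings.append("requests battery-optimization exemption")
    app = root.find("application")
    if app is None:
        return findings
    app_label, app_icon = app.get(ANDROID + "label"), app.get(ANDROID + "icon")
    for alias in app.iter("activity-alias"):
        cats = {c.get(ANDROID + "name") for c in alias.iter("category")}
        if LAUNCHER not in cats:
            continue
        # Simplification: compare only against the <application> label and icon.
        label = alias.get(ANDROID + "label", app_label)
        icon = alias.get(ANDROID + "icon", app_icon)
        if label != app_label or icon != app_icon:
            findings.append(f"launcher alias presents as {label!r}")
    return findings

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

Either finding alone is common in legitimate apps; the combination in an app whose stated purpose needs neither is what makes it worth a closer look.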
The latter was spread under the guise of a “Magnifier Flashlight” flashlight application. It hid its icon from the apps list on the home screen menu and periodically displayed advertisement videos and banners. Examples of such ads are shown below:
Yet other trojans designed to steal data that can be used to hack into Facebook accounts have also been uncovered. They were spread as image-editing software like “PIP Pic Camera Photo Editor” (Android.PWS.Facebook.142), “PIP Camera 2022” (Android.PWS.Facebook.143), “Camera Photo Editor” (Android.PWS.Facebook.144) and “Light Exposure Photo Editor” (Android.PWS.Facebook.145), and also astrology-related software called “ZodiHoroscope - Fortune Finder” (Android.PWS.Facebook.141).
Using a number of pretexts (for example, to allegedly unlock their full functionality or disable in-app ads), these trojans ask potential victims to log into their Facebook account. Then they hijack the entered logins, passwords and other authorization data and send this information to cybercriminals.
New trojans from the Android.Subscription family that subscribe users to paid mobile services were among the discovered malware as well. One of them was added to the Dr.Web virus database as Android.Subscription.9. It was distributed as a data recovery app called “Recovery”. Another one, dubbed Android.Subscription.10, was distributed under the guise of a “Driving Real Race” game. Both loaded websites of various affiliate services through which the subscriptions were made.
In addition, malicious actors once again distributed fake apps. One of them was the «Компенсация НДС» (Android.FakeApp.949) app, allegedly designed to help Russian users search for information on social benefits and monetary compensation and receive this money. In reality, it loaded fraudulent websites which cybercriminals used in an attempt to steal victims’ personal information and money.
Attackers passed off another fake app as an “Only Fans App OnlyFans Android” app that allegedly allowed users to obtain free access to closed (private) profiles and paid content on the OnlyFans service.
First, users were asked to take a short survey. Next, this app loaded the fraudulent site on which the process of gaining access was simulated. Potential victims of this scam scheme were asked to complete various tasks, like installing games or apps, and take online surveys. But users did not receive any access at all. Instead, after the successful completion of the tasks, the fraudsters themselves received a reward from affiliate services. This fake app was added to the Dr.Web virus database as Android.FakeApp.951.
The in-app survey designed to lure potential victims to the fraudulent site:
“Obtaining” access to the content through the fraudulent site:
To protect your Android device from malware and unwanted programs, we recommend installing Dr.Web anti-virus products for Android.