My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


January 2015 Android malware overview

February 3, 2015


  • Banking Trojans
  • New spying Trojans
  • Programs in the Google Play catalogue that feature aggressive advertising
  • Further proliferation of malware embedded into Android firmware or deployed as pre-installed applications

New entries in the Dr.Web for Android virus database

MalwareSpywareAdvertising modules
January 20153511113

Mobile threat of the month

Trojan Android.CaPson.1

Banking Trojans for Android

In the past month Doctor Web registered the emergence of the latest group of banking Trojans for Android. These malicious applications were particularly active in South Korea where they are spread with unsolicited short messages containing their download links.

Over 40 spam campaigns involved in the spread of several malicious programs were registered


Android.MulDrop malware

Malicious programs designed to distribute and install other Android Trojans on Android-powered devices. South Korean virus makers use these malicious applications to spread various banking Trojans.


The banking Trojan steals authentication information from customers of South Korean banks. Whenever a user runs a legitimate online banking application, the Trojan replaces its interface with a fake copy that prompts the user to enter all the sensitive information needed to access their bank account. The information entered by the user is transmitted to criminals. Under the pretext of subscribing the user to a banking service, Android.BankBot.29.origin attempts to install the malicious program Android.Banker.32.origin.


A banking Trojan that steals money from accounts associated with Android-powered devices.

Cyberespionage software

Cyberespionage remains a pressing issue for users of mobile devices. In January the Dr.Web virus database was updated with a large number of definitions for a variety of commercial spyware that was designed to spy on the owners of the Android smartphones and tablets it was running on. Along with discovering new species in the known spyware families Program.MobileSpy, Program.Tracer, Program.Highster, Program.OwnSpy, Program.MSpy, and numerous others, Doctor Web security researchers examined new programs of this kind, including Program.ZealSpy.1.origin, Program.LetMeSpy.1.origin and Program.CellSpy.1.origin.

Threats in the Google Play catalogue

Applications available on Google Play frequently incorporate potentially dangerous and unwanted modules that display annoying ads. Another module of this sort, which was used by some developers of free software, was discovered in January. It entered the Dr.Web virus database as Adware.HideIcon.1.origin.


Advertising module that generates a profit in Android freeware. Incorporates several harmful features.