January 2015 Android malware overview

February 3, 2015

PRINCIPAL TRENDS IN JANUARY

  • Banking Trojans
  • New spying Trojans
  • Programs in the Google Play catalogue that feature aggressive advertising
  • Further proliferation of malware embedded into Android firmware or deployed as pre-installed applications

New entries in the Dr.Web for Android virus database

Malware | Spyware | Advertising modules
January 2015: 3511113

Mobile threat of the month

Trojan Android.CaPson.1

Banking Trojans for Android

In the past month Doctor Web registered the emergence of the latest group of banking Trojans for Android. These malicious applications were particularly active in South Korea, where they are spread via unsolicited short messages containing their download links.

Over 40 spam campaigns involved in the spread of several malicious programs were registered.


Android.MulDrop malware

Malicious programs designed to distribute and install other Android Trojans on Android-powered devices. South Korean virus makers use these malicious applications to spread various banking Trojans.

Android.BankBot.29.origin

The banking Trojan steals authentication information from customers of South Korean banks. Whenever a user runs a legitimate online banking application, the Trojan replaces its interface with a fake copy that prompts the user to enter all the sensitive information needed to access their bank account. The information entered by the user is transmitted to criminals. Under the pretext of subscribing the user to a banking service, Android.BankBot.29.origin attempts to install the malicious program Android.Banker.32.origin.

Android.Banker.50.origin

A banking Trojan that steals money from accounts associated with Android-powered devices.

Cyberespionage software

Cyberespionage remains a pressing issue for users of mobile devices. In January the Dr.Web virus database was updated with a large number of definitions for a variety of commercial spyware designed to spy on the owners of the Android smartphones and tablets it runs on. Along with discovering new members of the known spyware families Program.MobileSpy, Program.Tracer, Program.Highster, Program.OwnSpy, Program.MSpy, and numerous others, Doctor Web security researchers examined new programs of this kind, including Program.ZealSpy.1.origin, Program.LetMeSpy.1.origin and Program.CellSpy.1.origin.

Threats in the Google Play catalogue

Applications available on Google Play frequently incorporate potentially dangerous and unwanted modules that display annoying ads. Another module of this sort, which was used by some developers of free software, was discovered in January. It entered the Dr.Web virus database as Adware.HideIcon.1.origin.

Adware.HideIcon.1.origin

Advertising module that generates a profit in Android freeware. Incorporates several harmful features.

