My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


February 2015 Android malware overview

March 4, 2015


  • New versions of dangerous Trojans that encrypt files on Android devices
  • The increase in the number of aggressive advertising modules used by software developers to monetize
  • The increase in the number of SMS Trojans
  • New banking Trojans

The number of entries for malicious and unwanted software in the Dr.Web for Android virus database

January 2015February 2015Movement

Mobile threat of the month

At the beginning of February, a number of applications containing a new aggressive advertising module, Adware.MobiDash.1.origin, were detected in the Google Play digital content catalogue. Some of these programs were downloaded by users tens of millions of times. Adware.MobiDash.1.origin incorporates the following features:




Aggressive advertising modules

In the past month Doctor Web security researchers registered the emergence of several new advertising modules with rather aggressive features. Adware.MobiDash.1.origin, which was incorporated in a number of applications on Google Play, became one of them.

Other "unpleasant" advertising modules:




The number of entries of Android.Locker in the Dr.Web virus database:

January 2015February 2015Movement

In February, a dangerous ransomware locker named Android.Locker.71.origin was discovered. The program encrypts files, locks the infected device, and demands a $200 ransom.

screen screen screen

Android.Locker.71.origin uses a unique encryption key to encrypt files on each infected device—this complicates restoring data compromised by the Trojan.

Currently, decryption of the files affected by the actions of this malware is not possible, however, all versions of Android.Locker.71.origin are successfully detected and removed by Dr.Web for Android and, thus, users are protected from this Trojan’s activities.

SMS Trojans

Last month there was a significant increase in the number of new SMS Trojans sending short messages at premium numbers and subscribing users to chargeable services. The number of enentries of Android.SmsSend in the Dr.Web virus database:

January 2015February 2015Movement

Banking Trojans

Once again, there was a splash in activity of various mobile banking Trojans in February. In particular, such malicious applications were spread in South Korea, where cybercriminals launched an SMS mailing again to distribute Trojan download links.

Over 80 spam campaigns involving several malicious programs were registered. Most of them were dropper Trojans.


Android.MulDrop malware

Hides inside other Trojans, which in this case are banking Trojans—the main tools of South Korean criminals.


A malicious program that allows attackers to perform various actions on infected mobile devices.

The following banking Trojans were used by South Korean cybercriminals:

All these programs enable virus writers to gain access to users' bank accounts.

Protect your Android handheld with Dr.Web now

Buy online Buy via Google Play Free of charge