Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

February 2015 Android malware overview

March 4, 2015

PRINCIPAL TRENDS IN FEBRUARY

  • New versions of dangerous Trojans that encrypt files on Android devices
  • The increase in the number of aggressive advertising modules used by software developers to monetize
  • The increase in the number of SMS Trojans
  • New banking Trojans

The number of entries for malicious and unwanted software in the Dr.Web for Android virus database

January 2015February 2015Movement
60876665+9,5%

Mobile threat of the month

At the beginning of February, a number of applications containing a new aggressive advertising module, Adware.MobiDash.1.origin, were detected in the Google Play digital content catalogue. Some of these programs were downloaded by users tens of millions of times. Adware.MobiDash.1.origin incorporates the following features:

screen

screen

screen

Aggressive advertising modules

In the past month Doctor Web security researchers registered the emergence of several new advertising modules with rather aggressive features. Adware.MobiDash.1.origin, which was incorporated in a number of applications on Google Play, became one of them.

Other "unpleasant" advertising modules:

Adware.HiddenAds.1

Adware.Adstoken.1.origin

Ransomware

The number of entries of Android.Locker in the Dr.Web virus database:

January 2015February 2015Movement
159174+9,4%

In February, a dangerous ransomware locker named Android.Locker.71.origin was discovered. The program encrypts files, locks the infected device, and demands a $200 ransom.

screen screen screen

Android.Locker.71.origin uses a unique encryption key to encrypt files on each infected device—this complicates restoring data compromised by the Trojan.

Currently, decryption of the files affected by the actions of this malware is not possible, however, all versions of Android.Locker.71.origin are successfully detected and removed by Dr.Web for Android and, thus, users are protected from this Trojan’s activities.

SMS Trojans

Last month there was a significant increase in the number of new SMS Trojans sending short messages at premium numbers and subscribing users to chargeable services. The number of enentries of Android.SmsSend in the Dr.Web virus database:

January 2015February 2015Movement
28703264+13,7%

Banking Trojans

Once again, there was a splash in activity of various mobile banking Trojans in February. In particular, such malicious applications were spread in South Korea, where cybercriminals launched an SMS mailing again to distribute Trojan download links.

Over 80 spam campaigns involving several malicious programs were registered. Most of them were dropper Trojans.

screen

Android.MulDrop malware

Hides inside other Trojans, which in this case are banking Trojans—the main tools of South Korean criminals.

Android.BackDoor.20

A malicious program that allows attackers to perform various actions on infected mobile devices.

The following banking Trojans were used by South Korean cybercriminals:

All these programs enable virus writers to gain access to users' bank accounts.

Protect your Android handheld with Dr.Web now

Buy online Buy via Google Play Free of charge

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2019

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040