Mobile threats in January 2014

February 4, 2014

As in the previous year, Doctor Web's security researchers continue to monitor statistics collected by Dr.Web for Android. In January 2014, 11,063,873 samples of unwanted or malicious programs were identified on mobile devices; most often, the anti-virus blocked the operation of adware.

From January 1-30, Dr.Web for Android discovered 11,063,873 malicious or unwanted programs, with about 300,000 threats exposed on a daily basis. Saturday, January 11, accounts for the maximum number of anti-virus detections (589,172), while the smallest number of incidents (293,078) was registered on January 1.

Adware.Revmob.1.origin was the most common unwanted application; it was detected in 1,260,374 incidents. It is closely followed by Adware.Airpush.7.origin and Adware.Airpush.21.origin (1,016,462 and 683,738 detections, respectively). Android.SmsSend.749.origin, which sends paid SMS messages to premium numbers, proved to be the most common malicious program. The top ten Trojans most frequently detected by Dr.Web Anti-virus for Android are listed below.

| # | Threat name | % |
|---|---|---|
| 1 | Android.SmsSend.749.origin | 3.95 |
| 2 | Android.SmsSend.990.origin | 2.49 |
| 3 | Android.SmsSend.315.origin | 2.37 |
| 4 | Android.SmsSend.872.origin | 1.56 |
| 5 | Android.SmsSend.309.origin | 1.55 |
| 6 | Android.Subser.1.origin | 1.27 |
| 7 | Android.SmsSend.758.origin | 1.13 |
| 8 | Android.SmsSend.859.origin | 1.11 |
| 9 | Android.SmsSend.466.origin | 1.01 |
| 10 | Android.SmsBot.25.origin | 1.01 |

In terms of the total number of threats to Android detected, Moscow is the most severely "infected" city in the world. Baghdad ranks second. Third and fourth places are taken by the Saudi cities of Riyadh and Jeddah. Cities ranked according to the number of threats identified in January 2014 are shown below.

[Graph: Threats to Android, by city]

It should be noted that 85.7% of malicious programs are detected on smartphones; tablets account for only 14.3% of virus incidents.

[Graph: Detected malware, by device type]

Users will also remember January 2014 for the appearance of the first-ever Android bootkit, which was added to the Dr.Web virus database as Android.Oldboot.1. This Trojan resides in the protected memory area, so it can run in the early Android loading stage and is hard to remove completely. When launched, Android.Oldboot.1 extracts several components and puts them in the system folders, installing them as ordinary applications. The malware’s main objective is to execute various commands issued by a remote command and control server.

As of January 30, 2014, the number of mobile devices infected with Android.Oldboot.1 exceeded 850,000, which is a 240% increase over the total on 24 January when Doctor Web first warned users about the threat. It has been discovered in European countries, Southeast Asia, and North and South America. It should be noted though that most incidents occurred in whose market has been the primary target of the criminals behind the malware.


Most users of Dr.Web live in Russia. Dr.Web for Android also enjoys considerable popularity among residents of Saudi Arabia, Iraq, Kazakhstan, Turkey and the Ukraine. The percentage of users who have chosen Dr.Web for Android and Dr.Web for Android Light.

[Graph: Dr.Web for Android users, by country]

Just like last year, the vast majority of users who are installing Dr.Web for Android own Samsung-manufactured devices. Samsung GT-I9300 Galaxy S III (8.26%) was the most popular device in January 2014. Samsung GT-S7562 Galaxy S Duos (3.98%) ranked second, followed by Samsung GT-I9100 Galaxy S II (3.73%). The least common devices running Dr.Web for Android include Craig CMP741D, Hisense E920, Kyocera ISW11K, Motorola A1680 and NEC N-07D (only one device per model in the world).

Doctor Web's analysts will continue to monitor the statistics and inform users about the latest threats and the overall security situation.
