A review of virus activity for mobile devices in November 2019
Mobile threat of the month
In November, Doctor Web experts discovered a new modification of the Trojan in the Google Play catalog Android.Backdoor.735.origin – component of a dangerous backdoor Android.Backdoor.736.origin, which our company reported in July. This malware, also known as PWNDROID1, was spread under the guise of a utility to configure and speed up the browser.
Android.Backdoor.735.origin executes commands of cybercriminals, allows you to manage infected Android devices, spies on their owners and is able to download and run additional malicious components.
- Android.Backdoor.682.origin – A Trojan that executes commands from cybercriminals and allows them to control infected mobile devices.
- Android.DownLoader.677.origin – Downloader for other malware.
- Android.Triada.481.origin – A multifunctional Trojan that performs a variety of malicious actions.
- Android.MobiDash. 4006 – Trojan program showing annoying ads.
- Android.RemoteCode.197.origin – Malicious application that downloads and executes arbitrary code.
- Program.FakeAntiVirus.2.origin – Detection of advertising applications that simulate the operation of antivirus software.
- Program.RiskMarket.1.origin – An application store that contains trojans and recommends users to install them.
- Program.HighScore. 3 .origin – An application catalog in which through expensive SMS it is proposed to pay for the installation of free programs available on Google Play.
- Program.MonitorMinor.1.origin
- Program.MobileTool.2.origin – Programs that monitor the owners of Android devices and can be used for cyber espionage.
- Tool.SilentInstaller.6.origin
- Tool.SilentInstaller.7.origin
- Tool.SilentInstaller.11.origin
- Tool.VirtualApk.1.origin – Potentially dangerous software platforms that allow applications to run apk files without installing them.
- Tool.Rooter.3 – A utility designed to obtain root privileges on Android devices. It can be used by cybercriminals and malware.
Software modules that are built into Android applications and designed to display intrusive ads on mobile devices:
- Adware.Dowgin.5.origin
- Adware.Toofan.1.origin
- Adware.BrowserAd.1
- Adware.Myteam.2.origin
- Adware.Altamob.1.origin
Trojans on Google Play
Within a month, Doctor Web virus analysts discovered several new modifications of the Trojan family on Google Play Android.Joker. They hid in seemingly innocuous programs – useful utilities for setting up mobile devices, games, instant messengers, collections of images for the desktop and camera applications. These malicious programs subscribe victims to paid mobile services, download and run malicious modules, and can execute arbitrary code.
New adware Trojans were also revealed. Android.HiddenAds. Attackers distributed them under the guise of games, camera applications, photo editing software, and other programs.
To protect Android devices from malicious and unwanted programs, users should install Dr.Web for Android anti-virus products.