A review of virus activity for mobile devices in November 2019

Last November, Doctor Web virus analysts identified another threat in the Google Play directory. Among them were new modifications of the Trojans of the family Android.Jokersign up users for paid mobile services. Cybercriminals redistributed family malware Android.HiddenAdsthat showed annoying ads. In addition, a new version of the backdoor was discovered. Android.Backdoor.735.originintended for cyber espionage.

Mobile threat of the month

In November, Doctor Web experts discovered a new modification of the Trojan in the Google Play catalog Android.Backdoor.735.origin – component of a dangerous backdoor Android.Backdoor.736.origin, which our company reported in July. This malware, also known as PWNDROID1, was spread under the guise of a utility to configure and speed up the browser.

Android.Backdoor.735.origin executes commands of cybercriminals, allows you to manage infected Android devices, spies on their owners and is able to download and run additional malicious components.

  • Android.Backdoor.682.origin – A Trojan that executes commands from cybercriminals and allows them to control infected mobile devices.
  • Android.DownLoader.677.origin – Downloader for other malware.
  • Android.Triada.481.origin – A multifunctional Trojan that performs a variety of malicious actions.
  • Android.MobiDash. 4006 – Trojan program showing annoying ads.
  • Android.RemoteCode.197.origin – Malicious application that downloads and executes arbitrary code.

  • Program.FakeAntiVirus.2.origin – Detection of advertising applications that simulate the operation of antivirus software.
  • Program.RiskMarket.1.origin – An application store that contains trojans and recommends users to install them.
  • Program.HighScore. 3 .origin – An application catalog in which through expensive SMS it is proposed to pay for the installation of free programs available on Google Play.
  • Program.MonitorMinor.1.origin
  • Program.MobileTool.2.origin – Programs that monitor the owners of Android devices and can be used for cyber espionage.

  • Tool.SilentInstaller.6.origin
  • Tool.SilentInstaller.7.origin
  • Tool.SilentInstaller.11.origin
  • Tool.VirtualApk.1.origin – Potentially dangerous software platforms that allow applications to run apk files without installing them.
  • Tool.Rooter.3 – A utility designed to obtain root privileges on Android devices. It can be used by cybercriminals and malware.

Software modules that are built into Android applications and designed to display intrusive ads on mobile devices:

  • Adware.Dowgin.5.origin
  • Adware.Toofan.1.origin
  • Adware.BrowserAd.1
  • Adware.Myteam.2.origin
  • Adware.Altamob.1.origin

Trojans on Google Play

Within a month, Doctor Web virus analysts discovered several new modifications of the Trojan family on Google Play Android.Joker. They hid in seemingly innocuous programs – useful utilities for setting up mobile devices, games, instant messengers, collections of images for the desktop and camera applications. These malicious programs subscribe victims to paid mobile services, download and run malicious modules, and can execute arbitrary code.



New adware Trojans were also revealed. Android.HiddenAds. Attackers distributed them under the guise of games, camera applications, photo editing software, and other programs.


To protect Android devices from malicious and unwanted programs, users should install Dr.Web for Android anti-virus products.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *