The second month of autumn this year turned out to be turbulent for owners Android-devices. Doctor Web virus analysts have discovered numerous malicious programs in the Google Play catalog, including Trojan-clickers. who subscribed users to paid services. The detected threats also included malicious applications of the family . They also subscribed victims to expensive services and could execute arbitrary code. In addition, our experts have identified other Trojans.
Mobile Threat of the Month
In early October, Doctor Web users about several clicker Trojans added to the Dr.Web virus database as , и . These malicious apps silently downloaded websites where they signed up their victims for paid mobile services. Trojan features:
- embedded in harmless programs;
- protected by a commercial packer;
- disguise themselves as well-known SDKs;
- attack users of certain countries.
During the whole month, our virus analysts also detected other modifications of these clickers, for example, .791, .800, .802, .808, .839, .841. Later, similar malicious applications were found, which received the names .329.origin, .328.origin и .844. They also subscribed victims to paid services, but their developers could be other virus writers. All these Trojans were hidden in seemingly harmless programs — cameras, photo editors, and collections of wallpapers for the desktop.
According to Dr.Web antivirus products, Android
- .472.origin — A Trojan that displays intrusive ads.
- .5564 - A malicious application that downloads and executes arbitrary code.
- .682.origin — A Trojan that executes malicious commands and allows them to control infected mobile devices.
- .677.origin - Loader of other malware.
- .origin is a multifunctional Trojan that performs a variety of malicious actions.
- .2.origin - Detection of adware applications that imitate antivirus software.
- .1.origin
- .2.origin
- .1.origin
- .4.origin — Programs that track owners Android-devices and can be used for cyber espionage.
- .6.origin
- .7.origin
- .11.origin
- .1.origin - Potentially dangerous software platforms that allow applications to run apk files without installing them.
- Tool.Rooter.3 - A utility designed to obtain root privileges on Android-devices. Can be used by attackers and malware.
- .253
- Adware.Myteam.2.origin
- Adware.Toofan.1.origin
- Adware.Adpush.6547
- Adware.Altamob.1.origin
Trojans on Google Play
Along with clicker Trojans, Doctor Web's virus analysts have detected many new versions and modifications of already known malicious applications from the malware family on Google Play. . Among them - .6, .7, .8, .9, .12, .18 и .20.origin. These Trojans download and run additional malicious modules, are capable of executing arbitrary code, and subscribe users to expensive mobile services. They are distributed under the guise of useful and harmless programs - collections of images for the desktop, cameras with artistic filters, various utilities, photo editors, games, Internet messengers and other software.
In addition, our experts have discovered another adware Trojan from the who got the name .477.originThe attackers distributed it under the guise of a video player and an app providing information about phone calls. Once launched, the Trojan hid its icon in the list of applications on the OS home screen. Android and started showing annoying ads.
Also, entries for detecting Trojans were added to the Dr.Web virus database. .10437 и .10447. They hid in the picture book and the camera app. Both malware intercepted the content of incoming SMS messages, while .10437 could execute arbitrary code downloaded from the control server.
For guard Android- To protect devices from malicious and unwanted programs, users should install Dr.Web anti-virus products for Android.
Source: habr.com
