The second autumn month of this year turned out to be turbulent for owners of Android devices. Doctor Web virus analysts have found a lot of malicious programs in the Google Play catalog, in particular, clicker Trojans who subscribed users to paid services. The detected threats also included malicious applications of the family . They also subscribed victims to expensive services and could execute arbitrary code. In addition, our experts have identified other Trojans.
Mobile Threat of the Month
In early October, Doctor Web users about several clicker Trojans added to the Dr.Web virus database as , ΠΈ . These malicious apps silently downloaded websites where they signed up their victims for paid mobile services. Trojan features:
- embedded in harmless programs;
- protected by a commercial packer;
- disguise themselves as well-known SDKs;
- attack users of certain countries.
During the whole month, our virus analysts also detected other modifications of these clickers, for example, . 791, . 800, . 802, . 808, . 839, . 841. Later, similar malicious applications were found, which received the names .329.origin, .328.origin ΠΈ . 844. They also subscribed victims to paid services, but their developers could be other virus writers. All these Trojans were hidden in seemingly harmless programs β cameras, photo editors, and collections of wallpapers for the desktop.
According to Dr.Web anti-virus products for Android
- .472.origin β A Trojan that displays intrusive ads.
- .5564 - A malicious application that downloads and executes arbitrary code.
- .682.origin β A Trojan that executes malicious commands and allows them to control infected mobile devices.
- .677.origin - Loader of other malware.
- .origin is a multifunctional Trojan that performs a variety of malicious actions.
- .2.origin - Detection of adware applications that imitate antivirus software.
- .1.origin
- .2.origin
- .1.origin
- .4.origin - Programs that spy on Android device owners and can be used for cyber espionage.
- .6.origin
- .7.origin
- .11.origin
- .1.origin - Potentially dangerous software platforms that allow applications to run apk files without installing them.
- Tool.Rooter.3 - A utility designed to obtain root permissions on Android devices. Can be used by hackers and malware.
- . 253
- Adware.Myteam.2.origin
- Adware.Toofan.1.origin
- Adware.Adpush.6547
- Adware.Altamob.1.origin
Trojans on Google Play
Along with clicker Trojans, Doctor Web's virus analysts have detected many new versions and modifications of already known malicious applications from the malware family on Google Play. . Among them - .6, .7, .8, .9, . 12, . 18 ΠΈ .20.origin. These Trojans download and run additional malicious modules, are capable of executing arbitrary code, and subscribe users to expensive mobile services. They are distributed under the guise of useful and harmless programs - collections of images for the desktop, cameras with artistic filters, various utilities, photo editors, games, Internet messengers and other software.
In addition, our experts have discovered another adware Trojan from the who got the name .477.origin. The attackers distributed it under the guise of a video player and an application that provides information about phone calls. Once launched, the Trojan hid its icon in the list of applications on the main screen of the Android OS and started displaying annoying ads.
Also, entries for detecting Trojans were added to the Dr.Web virus database. . 10437 ΠΈ . 10447. They hid in the picture book and the camera app. Both malware intercepted the content of incoming SMS messages, while . 10437 could execute arbitrary code downloaded from the control server.
To protect Android devices from malicious and unwanted programs, users should install Dr.Web anti-virus products for Android.
Source: habr.com