Doctor Web’s November 2021 virus activity in Russia review
Key trends in November include:
According to statistics collected by Dr.Web for Android anti-virus products, Android device owners most often encountered adware trojans in November. Malicious programs capable of downloading other apps and executing arbitrary code also remained among the most common threats.
Our specialists discovered new malicious apps on Google Play throughout November, including trojans from the Android.PWS.Facebook and Android.Joker families. The former steal data that can be used to hack into Facebook accounts, while the latter subscribe victims to paid mobile services. Another threat was found on AppGallery: malicious actors used this app catalog to spread games with the Android.Cynos.7.origin trojan built into them. This trojan sends users’ mobile phone numbers and device information to a remote server.
Also, Doctor Web published a study that assessed the safety of children’s smartwatches. It revealed that such devices could contain vulnerabilities, like pre-installed trojan software.
TRENDS IN NOVEMBER
At the end of November, Doctor Web announced the discovery of dozens of games on AppGallery with the Android.Cynos.7.origin trojan built in. This malware collects information about users’ mobile phone numbers and their devices and sends it to the perpetrators. It also displays ads.
Last month, Doctor Web’s malware analysts discovered new trojans from the Android.PWS.Facebook family on Google Play. These are designed to steal logins, passwords, and other data needed to hack Facebook accounts. They were added to the Dr.Web virus database as Android.PWS.Facebook.75, Android.PWS.Facebook.76, Android.PWS.Facebook.93, and Android.PWS.Facebook.97. The trojans were distributed as the “EasySnap Camera” image editing software, the “Race Master 3D Game” racing game, and the “Touch VPN Proxy” and “Star VPN Master” VPN clients.
Moreover, our specialists uncovered other trojans from the Android.Joker family, dubbed Android.Joker.1060, Android.Joker.1061, Android.Joker.1068, and Android.Joker.1076. Malicious actors spread them under the guise of harmless apps, like the “Wallpaper Retro” image collection app, as well as various messengers, such as “Light Messages”, “Colorful Emoji Message”, and “Diverse SMS”. Upon infecting Android devices, the trojans subscribed their users to paid mobile services and could download and execute arbitrary code.
Unless otherwise stated, the content is available under Creative Commons BY 4.0 license