from Virus alerts
August 31, 2015
PRINCIPAL TRENDS IN AUGUST
- Banking Trojans continue to threaten mobile devices' owners
- New cases of Android Trojans being employed by cybercriminals to spy on users
- Growing number of Android ransomware
- Growing number of SMS Trojans
Number of entries for malicious and unwanted software targeting Android OS in Dr.Web virus database
| July 2015 | August 2015 | Dynamics |
|---|---|---|
| 11,422 | 12,504 | +9.47% |
Mobile threat of the month
In August, Doctor Web security researchers detected and examined a new Android Trojan named Android.Backdoor.260.origin. This malicious program is distributed among Chinese users and is intended to spy on its victims. In particular, the Trojan can intercept SMS and QQ messages, steal contact list data, make audio records using the built-in microphone, track GPS coordinates of the infected device, and collect data entered by the user.
Android.Backdoor.260.origin has the following characteristics:
- Gets installed on the system as an update
- Once launched, removes its shortcut “hiding” from the user
- Attempts to plant a number of modules into system folders
- Communication between malicious components is carried out through UNIX sockets
- Tries to install a potentially dangerous utility that allows to intercept data entered by the user
- Can be controlled by cybercriminals remotely
Find out more about the malicious application in this news article.
Banking Trojans
During the previous month, virus makers continued to distribute various Trojans designed to steal money from bank accounts of mobile devices' owners. Although the number of such attacks was not as large as before, many users still fell victim to them. Again, to distribute banking Trojans, cybercriminals employed spam campaigns involving short messages with malware download links.
In such manner, a Trojan under the name of Android.MulDrop.69.origin was distributed among Android users in South Korea. The malware installed Android.MulDrop.38 on mobile devices, and this program, in turn, installed a banking Trojan named Android.BankBot.74.origin.
In Russia, cybercriminals employed MMS messages to distribute such banking Trojans as Android.SmsBot.365.origin and Android.SmsBot.451.origin.
The number of entries for banking Trojans of the Android.BankBot family in Dr.Web virus database:
| July 2015 | August 2015 | Dynamics |
|---|---|---|
| 135 | 138 | +2.22% |
The number of entries for banking Trojans of the Android.SmsBot family in Dr.Web virus database:
| July 2015 | August 2015 | Dynamics |
|---|---|---|
| 473 | 495 | +4.65% |
-
Android.MulDrop.69.origin
A Trojan designed to distribute and install other malware on Android mobile devices.
-
Android.MulDrop.38
A Trojan designed to distribute and install other malware on Android mobile devices.
-
Android.BankBot.74.origin
A Trojan designed to steal money from bank accounts of Android devices' owners.
-
Android.SmsBot.365.origin
A Trojan designed to steal money from bank accounts of Android devices' owners.
-
Android.SmsBot.451.origin
A Trojan designed to steal money from bank accounts of Android devices' owners.
Android ransomware
In August, the number of ransomware Trojans belonging to the Android.Locker family grew significantly. These malicious programs lock mobile devices and demand a ransom to unlock them. During the previous month, Dr.Web virus database was updated with new entries for these Trojans:
| July 2015 | August 2015 | Dynamics |
|---|---|---|
| 356 | 431 | +21% |
SMS Trojans
Moreover, during the previous month, a large number of new SMS Trojans were detected. These malicious applications send messages to premium numbers and subscribe users to chargeable services without their victims' knowledge. The number of entries for SMS Trojans of the Android.SmsSend family in Dr.Web virus database:
| July 2015 | August 2015 | Dynamics |
|---|---|---|
| 5,259 | 5,728 | +9% |
