An Android malware that has been part of a cyberespionage operation since 2015, focusing on Middle Eastern targets. Since its initial distribution, the malware has gone through four different updates, each time adding more spyware features.
A backdoor trojan and spyware infecting Android devices via Domain Name System (DNS) spoofing to distribute and install malicious Android apps posing as Facebook or Chrome apps. The app collects personally identifiable information (PII) and financial data, and can install additional malicious apps.
An Android malware used to steal user information, obtain credentials for two-factor authentication, and take control of the victim’s Android device.
An Android remote access trojan (RAT) disguised as a fake antivirus app capable of exfiltrating data from an infected device.
An Android cryptocurrency-mining malware that poses as a legitimate Google Play update app.
A malicious backdoor that collects information on the infected device, including phone manufacturer, type, brand, MAC address, etc., and uses this to initiate an aggressive ad-clicking function to generate income.
Android adware found in seven different applications on the Google Play store.
A new family of Android malware that takes advantage of Telegram’s bot API as a command-and-control channel for data exfiltration.
An Android malware that steals personal information including chats, communications, information from social media apps, and device location.
Android adware found pre-installed on nearly 5 million mobile devices worldwide manufactured by Honor, Huawei, Xiaomi, OPPO, Vivo, Samsung, and GIONEE.
An Android spyware that harvests data from the infected device including device audio, phone calls, photos, contacts, files, and device related info such as IMEI, SIM related info, application data, and nearby Wi-Fi networks.
A trojan malware targeting Android devices that downloads configuration files to display advertisements and collects information from the compromised device.
Developed from the open-source project “Android Image Viewer” and existing as far back as 2014, the malware steals sensitive information, such as SMS, call logs, contacts, location, and SD card file list, and records calls from the victims’ devices.
An Android adware found embedded in at least 22 flashlight and utility apps available in the Google Play store, reaching an estimated 1.5 to 7.5 million downloads.
Android malware that can pose as over 2,200 different banks and financial institutions by placing an overlay screen over banking apps in order to trick users into providing usernames and passwords or bank card numbers.
Used against Android devices to steal SMS messages, photos, videos, contacts, email accounts, calendar events, and browser histories from Chrome and Samsung Internet Browser. Additionally, it can take screenshots and record audio, including phone calls. It spies on the victims via apps installed on the device.
A mobile malware family used by APT threat group Two-tailed Scorpion, aka APT-C-23, to target Android-powered devices and believed to be a new variant of the VAMP malware, as the two share some C2 infrastructure.