SonicSpy

SonicSpy

SonicSpy is a variant of malware that has surfaced on the Google Play Store, masquerading as a messaging application. Although it does allow the user to message contacts as advertised, it also records audio, takes photos, makes phone calls, sends text messages, and retrieves data from contacts, WiFi hotspots, and call logs, all without alerting the user of its activities.

SpyDealer

SpyDealer

SpyDealer is an Android trojan that is able to gain root privilege on devices running versions 2.2 to 4.4, steal data from over 40 applications, and spy on users by recording phone calls, taking photos via front or rear cameras, geotracking, or capturing screenshots. According to Palo Alto, SpyDealer is capable of controlling a device remotely via SMS, UDP, and TCP communications.

AdDown

AdDown

AdDown is a type of Android adware that shows ads to infected users, collects personal data on its victims, and secretly installs apps without the user's knowledge. This adware was discovered in January 2015. Trend Micro says it detected the adware in over 800 apps that were uploaded on the Play Store, usually within small utility apps, such as wallpaper changers, photo editors, and flashlight apps. AdDown has evolved into three different variants: JoymobileNativemob, and Xavier

Dvmap

Dvmap

Dvmap is a type of Android rooting malware that has been downloaded more than 50,000 times from the Google Play Store. This malware is capable of injecting malicious code into the system runtime libraries, either libdmv.so or libandroid_runtime.so and monitor information and install other applications.

Triada

A remote access trojan (RAT) used to infect and spy on Android devices. In January 2017, Check Point named Triada as the top mobile malware threat after discovering the malware contained a modular backdoor to infect the Zygote process. In April 2017, it began using a DroidPlugin sandbox to evade antivirus detection.