An Android malware that surreptitiously installs additional malware on an affected device using the Toast Overlay attack.
An Android malware that, when installed, starts a SOCKS proxy on all infected devices and awaits commands from a remote botnet command-and-control (C2) server. It was found in eight apps on the Google Play store in October 2017.
SonicSpy is a variant of malware that has surfaced on the Google Play Store, masquerading as a messaging application. Although it does allow the user to message contacts as advertised, it also records audio, takes photos, makes phone calls, sends text messages, and retrieves data from contacts, WiFi hotspots, and call logs, all without alerting the user of its activities.
SpyDealer is an Android trojan that is able to gain root privilege on devices running versions 2.2 to 4.4, steal data from over 40 applications, and spy on users by recording phone calls, taking photos via front or rear cameras, geotracking, or capturing screenshots. According to Palo Alto, SpyDealer is capable of controlling a device remotely via SMS, UDP, and TCP communications.
AdDown is a type of Android adware that shows ads to infected users, collects personal data on its victims, and secretly installs apps without the user's knowledge. This adware was discovered in January 2015. Trend Micro says it detected the adware in over 800 apps that were uploaded on the Play Store, usually within small utility apps, such as wallpaper changers, photo editors, and flashlight apps. AdDown has evolved into three different variants: Joymobile, Nativemob, and Xavier.
Dvmap is a type of Android rooting malware that has been downloaded more than 50,000 times from the Google Play Store. This malware is capable of injecting malicious code into the system runtime libraries, either libdmv.so or libandroid_runtime.so, and can monitor information and install other applications.
Android trojan embedded in a flashlight widget app. When a user opens certain apps, such as those for social media or banking, the malware overlays a fake login page on top of the legitimate app to steal the user’s credentials. It can also bypass two-factor authentication by intercepting SMS messages.
Android malware embedded in 200 Android applications available on the Google Play Store. It can bypass security restrictions and hide malicious activity in normal traffic. Businesses are especially at risk, as it is designed to infect internal networks and private servers to gain access to corporate data.
A remote access trojan (RAT) used to infect and spy on Android devices. In January 2017, Check Point named Triada as the top mobile malware threat after discovering the malware contained a modular backdoor to infect the Zygote process. In April 2017, it began using a DroidPlugin sandbox to evade antivirus detection.
An advanced Android malware, believed to be the counterpart to the Pegasus iOS malware. Its features allow perpetrators to access multiple features on the Android device including the camera, messages, call logs, and more.
Android malware that can collect personal user data, display phishing messages to collect login credentials, and intercept SMS messages to bypass two-factor authentication or one-time codes used by banks.
A family of malicious ad fraud applications targeting Android devices. It tricks users into clicking ads by displaying deceptive graphics. It uses obfuscation and anti-analysis techniques to remain undetected.
Skinner is Android adware that was found on the Google Play Store by Check Point researchers in March 2017. It is the first Android malware variant capable of tailoring ads to its victims.