An Android adware found embedded in at least 22 flashlight and utility apps available in the Google Play store, reaching an estimated 1.5 to 7.5 million downloads.
Android malware that can pose as over 2,200 different bank and financial institutions by placing an overlay screen over banking apps in order to trick users into providing usernames and passwords or bank card numbers.
Used against Android devices to steal SMS messages, photos, videos, contacts, email accounts, calendar events, and browser histories from Chrome and Samsung Internet Browser. Additionally, it can take screenshots and record audio, including phone calls. It spies on the victims via apps installed on the device.
A mobile malware family used by APT threat group Two-tailed Scorpion, aka APT-C-23, to target Android-powered devices and believed to be a new variant of the VAMP malware, as the two share some C2 infrastructure.
An Android malware variant that has a sophisticated modular structure and components for a variety of functions, including: mining the Monero cryptocurrency, downloading and installing additional apps, launching distributed denial-of-service attacks, and injecting ads in the notification area, among others.
An Android malware toolkit posing as adult content apps available on various sites, with the capability to root Android devices, inject malicious code into legitimate apps, subscribe to premium services and send premium messages, and silently download and install potentially malicious apps.
An Android backdoor malware variant found in older versions of apps on the Google Play Store. It has rooting capabilities that exploit old vulnerabilities, and it installs spyware to steal sensitive data from popular social media applications.
An Android malware that surreptitiously installs additional malware on an affected device using the Toast Overlay attack.
An Android malware that, when installed, starts a SOCKS proxy on all infected devices and awaits commands from a remote botnet command-and-control (C2) server. It was found present in eight apps on the Google Play store in October 2017.
SonicSpy is a variant of malware that has surfaced on the Google Play Store, masquerading as a messaging application. Although it does allow the user to message contacts as advertised, it also records audio, takes photos, makes phone calls, sends text messages, and retrieves data from contacts, WiFi hotspots, and call logs, all without alerting the user of its activities.
SpyDealer is an Android trojan that is able to gain root privilege on devices running versions 2.2 to 4.4, steal data from over 40 applications, and spy on users by recording phone calls, taking photos via front or rear cameras, geotracking, or capturing screenshots. According to Palo Alto, SpyDealer is capable of controlling a device remotely via SMS, UDP, and TCP communications.
AdDown is a type of Android adware that shows ads to infected users, collects personal data on its victims, and secretly installs apps without the user's knowledge. This adware was discovered in January 2015. Trend Micro says it detected the adware in over 800 apps that were uploaded on the Play Store, usually within small utility apps, such as wallpaper changers, photo editors, and flashlight apps. AdDown has evolved into three different variants: Joymobile, Nativemob, and Xavier.
Dvmap is a type of Android rooting malware that has been downloaded more than 50,000 times from the Google Play Store. This malware is capable of injecting malicious code into the system runtime libraries, either libdmv.so or libandroid_runtime.so, to monitor information and install other applications.
Android trojan embedded in a flashlight widget app. When a user opens certain apps, such as those for social media or banking, the malware overlays a fake login page on top of the legitimate app to steal the user’s credentials. It can also bypass two-factor authentication by intercepting SMS messages.
Android malware embedded in 200 Android applications available on the Google Play Store. It can bypass security restrictions and hide malicious activity in normal traffic. Businesses are especially at risk, as it is designed to infect internal networks and private servers to gain access to corporate data.