HeroRat

An Android remote access trojan spread through Telegram channels. Once a victim grants the fake app device permissions, it appears to uninstall itself from the infected device but instead runs processes in the background without the user’s knowledge.

MysteryBot

An Android malware disguised as a Flash Player app containing a banking trojan, keylogger, and mobile ransomware.

NJCCIC
ZooPark

An Android malware that has been part of a cyberespionage operation since 2015, focusing on Middle Eastern targets. Since its initial distribution, the malware has gone through four different updates, each time adding more spyware features.

Super Clean Plus

A malicious Android application that was available on the Google Play Store and downloaded over 10,000 times. The app, which is free and claims to clean up your device's memory, boost speed, and clear out junk, hides malicious functionality in an executable DEX file.

XLoader

A backdoor trojan and spyware that infects Android devices via Domain Name System (DNS) spoofing, which is used to distribute and install malicious Android apps posing as Facebook or Chrome apps. The app collects personally identifiable information (PII) and financial data, and can install additional malicious apps.

Guerilla

A malicious backdoor that collects information on the infected device, including phone manufacturer, type, brand, MAC address, etc., and uses this to initiate an aggressive ad-clicking function to generate income.

RedDrop

An Android spyware that harvests data from the infected device, including device audio, phone calls, photos, contacts, files, and device-related information such as IMEI, SIM-related information, application data, and nearby Wi-Fi networks.

PoriewSpy

Developed from the open-source project “Android Image Viewer” and existing as far back as 2014, the malware steals sensitive information, such as SMS, call logs, contacts, location, and SD card file list, and records calls from the victim’s device.

GhostTeam

GhostTeam is an Android adware discovered by researchers at Avast and Trend Micro, found embedded in 53 applications previously available in the Google Play Store, including flashlight, QR code scanner, file cleaner, and social media video downloader apps.

Catelites

Android malware that can pose as over 2,200 different banks and financial institutions by placing an overlay screen over banking apps in order to trick users into providing usernames and passwords or bank card numbers.

AnubisSpy

Used against Android devices to steal SMS messages, photos, videos, contacts, email accounts, calendar events, and browser histories from Chrome and Samsung Internet Browser. Additionally, it can take screenshots and record audio, including phone calls. It spies on the victims via apps installed on the device.
