RedDrop

An Android spyware that harvests data from the infected device, including device audio, phone calls, photos, contacts, files, and device-related information such as IMEI, SIM-related information, application data, and nearby Wi-Fi networks.

PoriewSpy

Developed from the open-source project “Android Image Viewer” and existing as far back as 2014, the malware steals sensitive information, such as SMS, call logs, contacts, location, and SD card file list, and records calls from the victim’s device.

GhostTeam

GhostTeam is an Android adware discovered by researchers at Avast and Trend Micro, found embedded in 53 applications previously available in the Google Play store including flashlight, QR code scanner, file cleaner, and social media video downloader apps.

Anubis

Used against Android devices to steal SMS messages, photos, videos, contacts, email accounts, calendar events, and browser histories from Chrome and Samsung Internet Browser. Additionally, it can take screenshots and record audio, including phone calls. It spies on the victims via apps installed on the device.

GnatSpy

A mobile malware family used by APT threat group Two-tailed Scorpion, aka APT-C-23, to target Android-powered devices and believed to be a new variant of the VAMP malware, as the two share some C2 infrastructure.

Rootnik.B

An Android malware toolkit posing as adult content apps available on various sites, with the capability to root Android devices, inject malicious code into legitimate apps, subscribe to premium services, send premium messages, and silently download and install potentially malicious apps.

Tizi

An Android backdoor malware variant found in older versions of apps on the Google Play Store with rooting capabilities that exploit old vulnerabilities and install spyware to steal sensitive data from popular social media applications.

Sockbot

An Android malware that, when installed, starts a SOCKS proxy on all infected devices and awaits commands from a remote botnet command-and-control (C2) server. It was found present in eight apps on the Google Play store in October 2017.

ExpensiveWall

ExpensiveWall is a type of Android malware that sends fraudulent SMS messages and charges users’ accounts for fake services without their knowledge. It is also capable of collecting data about the device such as location and IP address.

GhostCtrl

GhostCtrl is an Android remote access trojan (RAT) believed to be a version of OmniRAT. It infects users by disguising itself as a legitimate app that uses the names “App,” “MMS,” “whatsapp,” and “Pokemon GO.”

SonicSpy

SonicSpy is a variant of malware that has surfaced on the Google Play Store, masquerading as a messaging application. Although it does allow the user to message contacts as advertised, it also records audio, takes photos, makes phone calls, sends text messages, and retrieves data from contacts, WiFi hotspots, and call logs, all without alerting the user of its activities.

SpyDealer

SpyDealer is an Android trojan that is able to gain root privilege on devices running versions 2.2 to 4.4, steal data from over 40 applications, and spy on users by recording phone calls, taking photos via front or rear cameras, geotracking, or capturing screenshots. According to Palo Alto, SpyDealer is capable of controlling a device remotely via SMS, UDP, and TCP communications.

CopyCat

CopyCat is an Android malware that generates and steals ad revenue. According to CyberScoop, the malware infected 14 million Android devices, rooted 8 million phones and had 3.8 million devices serve ads. CopyCat infects users through dated exploits, the oldest dating back to 2013.

AdDown

AdDown is a type of Android adware that shows ads to infected users, collects personal data on its victims, and secretly installs apps without the user's knowledge. This adware was discovered in January 2015. Trend Micro says it detected the adware in over 800 apps that were uploaded on the Play Store, usually within small utility apps, such as wallpaper changers, photo editors, and flashlight apps. AdDown has evolved into three different variants: Joymobile, Nativemob, and Xavier.

Dvmap

Dvmap is a type of Android rooting malware that has been downloaded more than 50,000 times from the Google Play Store. This malware is capable of injecting malicious code into the system runtime libraries, either libdmv.so or libandroid_runtime.so, and can monitor information and install other applications.

Judy

Judy is a type of Android auto-clicking adware discovered in 41 apps available in the Google Play store. Malicious actors use the devices infected with Judy to generate revenue via fraudulent clicks on advertisements. 
