AdDown is a type of Android adware that shows ads to infected users, collects personal data on its victims, and secretly installs apps without the user's knowledge. This adware was discovered in January 2015. Trend Micro says it detected the adware in over 800 apps that were uploaded on the Play Store, usually within small utility apps, such as wallpaper changers, photo editors, and flashlight apps. AdDown has evolved into three different variants: Joymobile, Nativemob, and Xavier.
Dvmap is a type of Android rooting malware that has been downloaded more than 50,000 times from the Google Play Store. This malware is capable of injecting malicious code into the system runtime libraries, either libdmv.so or libandroid_runtime.so and monitor information and install other applications.
Android trojan embedded in a flashlight widget app. When a user opens certain apps, such as those for social media or banking, the malware overlays a fake login page on top of the legitimate app to steal the user’s credentials. It can also bypass two-factor authentication by intercepting SMS messages.
Android malware embedded in 200 Android applications available on the Google Play Store. It can bypass security restrictions and hide malicious activity in normal traffic. Business are especially at risk as it is designed to infect internal networks and private servers to gain access to corporate data.
A remote access trojan (RAT) used to infect and spy on Android devices. In January 2017, Check Point named Triada as the top mobile malware threat after discovering the malware contained a modular backdoor to infect the Zygote process. In April 2017, it began using a DroidPlugin sandbox to evade antivirus detection.
An advanced Android malware, believed to be the counterpart to the Pegasus iOS malware. Its features allow perpetrators to access multiple features on the Android device including the camera, messages, call logs, and more.
Android malware that can collect personal user data, display phishing messages to collect login credentials, intercept SMS messages to bypass two-factor authentication or one-time codes used by banks.
A family of malicious ad fraud applications targeting Android devices. It tricks users into clicking ads by displaying deceptive graphics. It uses obfuscation and anti-analysis techniques to remain undetected.
Skinner is Android adware that was found on the Google Play Store by Check Point researchers in March 2017. It is the the first Android malware variant capable of tailoring ads to its victims.
BankBot, as it is known by Dr. Web, and Spy Banker, as it is known by ESET, is an Android Trojan that malware authors developed after using the leaked source code of another unnamed Android banking Trojan in December 2016.
The Asacub Android banking Trojan was first identified in by Kaspersky Lab in June 2015 and was prevalent in attacks against Android devices into 2016. When it was first discovered, it was a simple phishing program managed remotely from a command and control server.
Agent.Jl is an Android Trojan found in a malicious application imitating Adobe Flash Player. It tricks users into granting special permissions and then downloads and executes additional malware onto the victim device.
ViperRAT was first identified in July 2015 targeting the Android devices of over 100 Israeli servicemen from the Israeli Defense Force (IDF). ViperRAT allows the attacker to access general data about the device, SMS messages, WhatsApp database and encryption keys, browsing and search histories, documents and archives found in storage, and photos taken.
Dendroid is an Android remote access Trojan (RAT) discovered by researchers in 2014. It was available for rent at $300/month on the Dark Web forum, Darkode. This Trojan is capable of infecting Android devices and taking photos using the phone’s camera, record audio and video, download existing photos, record calls, and send texts.