Android malware that was hidden in over 40 apps on the Google Play Store. Attackers use infected devices to create a silent botnet used to send pop-up ads, conduct DDoS attacks or access private networks.
Android trojan embedded in a flashlight widget app. When a user opens certain apps, such as those for social media or banking, the malware overlays a fake login page on top of the legitimate app to steal the user’s credentials. It can also bypass two-factor authentication by intercepting SMS messages.
Android malware embedded in 200 Android applications available on the Google Play Store. It can bypass security restrictions and hide malicious activity in normal traffic. Businesses are especially at risk, as it is designed to infect internal networks and private servers to gain access to corporate data.
A remote access trojan (RAT) used to infect and spy on Android devices. In January 2017, Check Point named Triada as the top mobile malware threat after discovering the malware contained a modular backdoor to infect the Zygote process. In April 2017, it began using a DroidPlugin sandbox to evade antivirus detection.
An advanced Android malware, believed to be the counterpart to the Pegasus iOS malware. It allows perpetrators to access multiple features on the Android device, including the camera, messages, call logs, and more.
Android malware that can collect personal user data, display phishing messages to collect login credentials, and intercept SMS messages to bypass two-factor authentication or one-time codes used by banks.
A family of malicious ad fraud applications targeting Android devices. It tricks users into clicking ads by displaying deceptive graphics. It uses obfuscation and anti-analysis techniques to remain undetected.
Skinner is Android adware that was found on the Google Play Store by Check Point researchers in March 2017. It is the first Android malware variant capable of tailoring ads to its victims.
BankBot, as it is known by Dr. Web, and Spy Banker, as it is known by ESET, is an Android Trojan that malware authors developed after using the leaked source code of another unnamed Android banking Trojan in December 2016.
The Asacub Android banking Trojan was first identified by Kaspersky Lab in June 2015 and was prevalent in attacks against Android devices into 2016. When it was first discovered, it was a simple phishing program managed remotely from a command and control server.
Agent.Jl is an Android Trojan found in a malicious application imitating Adobe Flash Player. It tricks users into granting special permissions and then downloads and executes additional malware on the victim device.
ViperRAT was first identified in July 2015 targeting the Android devices of over 100 Israeli servicemen from the Israeli Defense Force (IDF). ViperRAT allows the attacker to access general data about the device, SMS messages, WhatsApp database and encryption keys, browsing and search histories, documents and archives found in storage, and photos taken.
Dendroid is an Android remote access Trojan (RAT) discovered by researchers in 2014. It was available for rent at $300/month on the Dark Web forum, Darkode. This Trojan is capable of infecting Android devices and taking photos using the phone’s camera, recording audio and video, downloading existing photos, recording calls, and sending texts.
X-Agent, also referred to as “Sofacy,” is a remote access toolkit that works against the Android operating system and Apple’s iOS. This malware is known for its association with the state-sponsored hacker group “FANCY BEAR,” also known as “Sofacy” or “APT28,” a group tied to Russian Military Intelligence (GRU).
The Switcher Android banking Trojan, disclosed by Kaspersky Lab researchers in December 2016, targets Android devices in order to take over their local WiFi routers and intercept the web traffic passing through them.
Faketoken was first discovered in 2012 as Android spyware targeting mobile banking users by posing as a fake token generator. The Trojan would ask the victim for his or her password and generate a fake token while it executed malicious code in the background and sent the user’s information to a specified number and remote servers.