Cellular malware — Android Trojans particularly — accounts for a small slice of total malware exercise, however it’s able to doing extra than simply displaying adware. Some kinds of Android Trojans are able to exfiltrating name information and GPS areas, for instance.
Downloaders and infostealers had been essentially the most prevalent kinds of Android Trojans in February, in accordance with Bitdefender’s newest Menace Debrief, which appears to be like at ransomware exercise, cell malware, and spoofed domains its telemetry detected throughout that month. Bitdefender’s Menace Debrief appears to be like at detections, not infections. Bitdefender makes this distinction as a result of detections imply the malicious code hit Bitdefender’s telemetry. It doesn’t imply the malware efficiently contaminated a tool.
Whereas Android apps bundled with malicious elements are the most typical kind of Android malware, they aren’t the one sorts circulating. Bitdefender summarizes the highest 10 Android Trojans detected in February within the Menace Debrief.
Prime 3 Android Malware
The highest 3 Trojans accounted for practically 91% of the detections for the month.
- Downloader.DN refers to functions downloaded from the Google App Retailer and repackaged to incorporate aggressive adware. Generally that adware is able to downloading different kinds of malware.
- InfoStealer.XY are obfuscated functions masquerading as cell antiviruses, able to exfiltrating delicate information, in addition to downloading and putting in different malware.
- HiddenApp.AID is a very aggressive adware that impersonates advert blockers. It asks for permission to show on prime of different apps, which permits it to cover from the launcher.
Much less Widespread Forms of Android Malware
The remaining 7 Trojans made up lower than 10% of detections.
- SpyAgent.DW exfiltrates delicate information like SMS messages, name logs, contacts, or GPS location. SpyAgent.EA and SpyAgent.EM are comparable in that they exfiltrate delicate name information.
- Banker.YM grants machine admin privileges and beneficial properties entry to handle telephone calls and textual content messages. It maintains a reference to the C&C server to obtain instructions and add delicate info. Banker.XJ has comparable capabilities. Banker.XX impersonates Korean banking functions to file audio and video, acquire delicate info, and add it to a C&C server.
- Dropper.AIF is a polymorphic app that drops and installs encrypted modules. Its icons are hidden from the launcher, making it troublesome to detect.