Collaborate Disseminate
In April 2017 we started observing new rooting malware being distributed through the Google Play Store. Unlike other rooting malware, this Trojan not only installs its modules into the system, it also injects malicious code into the system runtime libraries. Continue reading Dvmap: the first Android malware with code injection
This research started when we discovered an infected Pokémon GO guide in Google Play. We detected the malware as Trojan.AndroidOS.Ztorg.ad. After some searching, I found some other similar infected apps that were being distributed from the Google Play Store. After I started tracking these infected apps, two things struck me – how rapidly they became popular and the comments in the user review sections. Continue reading Ztorg: money for infecting your smartphone
This research started when we discovered an infected Pokémon GO guide in Google Play. We detected the malware as Trojan.AndroidOS.Ztorg.ad. After some searching, I found some other similar infected apps that were being distributed from the Google Play Store. After I started tracking these infected apps, two things struck me – how rapidly they became popular and the comments in the user review sections. Continue reading Ztorg: money for infecting your smartphone
It’s an impressive milestone for Google — For the first time in decades, Android has been crowned as the world’s most popular operating system in terms of Internet usage, knocking Microsoft Windows off the top spot.
According to a new report from web traffic analytics firm StatCounter, Google’s Android is the most popular operating system worldwide in terms of total internet usage across
Continue reading Android Beats Windows to Become World’s Most Popular Operating System
In 2016 we continued our in-depth research into the financial cyberthreat landscape. We’ve noticed over the last few years that large financial cybercriminal groups have started to concentrate their efforts on targeting large organizations – such as banks, payment processing systems, retailers, hotels and other businesses where POS terminals are widely used. Continue reading Financial cyberthreats in 2016
In 2016 we continued our in-depth research into the financial cyberthreat landscape. We’ve noticed over the last few years that large financial cybercriminal groups have started to concentrate their efforts on targeting large organizations – such as banks, payment processing systems, retailers, hotels and other businesses where POS terminals are widely used. Continue reading Financial cyberthreats in 2016
Fraudulent apps trying to send Premium SMS messages or trying to call to high rate phone numbers are not something new. It is much more interesting to talk about how certain groups bypass detection mechanisms such as those used by Google Play, since this has become difficult to achieve in the past few years. Continue reading Expensive free apps
Recently, in our never-ending quest to protect the world from malware, we found a misbehaving Android trojan. Although malware targeting the Android OS stopped being a novelty quite some time ago, this trojan is quite unique. Instead of attacking a user, it attacks the Wi-Fi network the user is connected to, or, to be precise, the wireless router that serves the network. Continue reading Switcher: Android joins the ‘attack-the-router’ club
Many mobile bankers can block a device in order to extort money from its user. But we have discovered a modification of the mobile banking Trojan Trojan-Banker.AndroidOS.Faketoken that went even further – it can encrypt user data. In addition to that, this modification is attacking more than 2,000 financial apps around the world. Continue reading The banker that encrypted files
Earlier this month, we discovered a piece of encryption malware targeting Russian users. One of its peculiarities was that it uses Telegram Messenger’s communication protocol to send a decryption key to the threat actor. Continue reading The first cryptor to exploit Telegram