Dr.Internet — Physician Internet’s February 2024 assessment of virus exercise on cell units


Dr.Internet — Physician Internet’s February 2024 assessment of virus exercise on cell units

JavaScript assist is required for our website to be totally operational in your browser.

April 1, 2024

In accordance with detection statistics collected by the Dr.Internet for Android anti-virus, February 2024 noticed a major improve in Android.HiddenAds trojan household exercise―it was up 73.26% from January. On the similar time, customers had been 58.85% much less prone to encounter the adware trojan household Android.MobiDash.

The exercise of banking trojans from varied households decreased by 18.77%, whereas Android.Spy spyware and adware trojan exercise decreased by 27.33%. In distinction, the variety of Android.Locker ransomware trojan detections elevated by 29.85%.

In accordance with statistics collected by Dr.Internet for Android



Trojan apps designed to show intrusive adverts. Trojans of this household are sometimes distributed as fashionable and innocent functions. In some instances, different malware can set up them within the system listing. When these infect Android units, they sometimes conceal their presence from the consumer. For instance, they “disguise” their icons from the house display screen menu.


The detection identify for a trojan that presents itself as modified variations of unofficial WhatsApp messenger mods. This bug can steal the contents of notifications and supply customers different apps from unknown sources for set up. And when such a modified messenger is used, it could possibly additionally show dialog bins containing remotely configurable content material.



These are the trojan apps that conceal their presence on Android units and show intrusive adverts. They’ve plenty of traits that differentiate them from different members of the Android.HiddenAds household. For instance, these trojans can run routinely after they’re put in. Furthermore, they implement a mechanism that permits their companies to stay continuously operating. And, in some instances, they will additionally use hidden Android working system capabilities.


The detection identify for Android packages which were modified utilizing the CloudInject cloud service and the eponymous Android utility (the latter was added to the Dr.Internet virus database as Software.CloudInject). Such packages are modified on a distant server; in the meantime, the modders (customers) who’re desirous about such modifications can’t management precisely what can be added to the apps. Furthermore, these packages obtain plenty of harmful system permissions. As soon as modification is full, customers can remotely handle these apps. They’ll block them, show customized dialogs, and observe when different software program is being put in or faraway from a tool, and so forth.


The detection identify for adware packages that imitate anti-virus software program. These apps inform customers of nonexistent threats, mislead them, and demand that they buy the software program’s full model.


A industrial spyware and adware app designed to covertly monitor Android machine consumer exercise. It permits intruders to learn SMS and chats in fashionable messaging software program, take heed to the environment, observe machine location and browser historical past, acquire entry to the phonebook and contacts, images and movies, and take screenshots and photos via a tool’s built-in digicam. It additionally has keylogger performance.


The detection identify for a program that permits customers to be monitored by way of their Android units. Malicious actors can put it to use to trace a goal machine’s location, use the digicam to file video and take images, eavesdrop by way of the microphone, file audio, and so forth.


The detection identify for varied modifications of an utility that’s designed to file movies and take images within the background utilizing built-in Android machine cameras. It may possibly function covertly by permitting notifications about ongoing recordings to be disabled. It additionally permits an app’s icon and identify to get replaced with pretend ones. This performance makes this software program doubtlessly harmful.


The detection identify for Android packages which were modified utilizing the NP Supervisor utility. A particular module is embedded in such apps, and it permits them to bypass digital signature verification as soon as they’ve been modified.




Riskware platforms that permit functions to launch APK information with out putting in them. They create a digital runtime setting within the context of the apps during which they’re built-in. The APK information, launched with the assistance of those platforms, can function as if they’re a part of such packages and may receive the identical permissions.


A software that permits apps put in on Android units to be modified (i.e., by creating patches for them) so as to change the logic of their work or to bypass sure restrictions. For example, customers can apply it to disable root-access verification in banking software program or to acquire limitless sources in video games. So as to add patches, this utility downloads specifically ready scripts from the Web, which could be crafted and added to the frequent database by any third occasion. The performance of such scripts can show to be malicious; thus, patches made with this software can pose a possible risk.


The detection identify for some modified variations (mods) of the WhatsApp messenger whose capabilities have been injected with a selected code. This code is accountable for loading goal URLs by displaying internet content material (by way of the Android WebView part) throughout the messenger’s operation. Such internet addresses carry out redirects to marketed websites, together with on-line on line casino, bookmaker, and grownup websites.



Adware modules that may be constructed into Android apps. They show notifications containing adverts that mislead customers. For instance, such notifications can appear to be messages from the working system. As well as, these modules acquire a wide range of confidential knowledge and are capable of obtain different apps and provoke their set up.


A member of a household of adware modules that may be constructed into Android apps and show varied adverts. Relying on the modules’ model and modification, these could be notifications containing adverts, pop-up home windows or banners. Malicious actors typically use these modules to distribute malware by providing their potential victims various software program for set up. Furthermore, such modules acquire private data and ship it to a distant server.


An adware module that may be constructed into Android functions. It shows notifications containing adverts on the Android OS lock display screen.

To guard your Android machine from malware and undesirable packages, we advocate putting in Dr.Internet anti-virus merchandise for Android.

Indicators of compromise

Dr.Web Mobile Security

Your Android wants safety.

Use Dr.Internet

  • The primary Russian anti-virus for Android
  • Over 140 million downloads—simply from Google Play
  • Accessible freed from cost for customers of Dr.Internet dwelling merchandise

Free obtain


Lascia un commento

Il tuo indirizzo email non sarà pubblicato. I campi obbligatori sono contrassegnati *