2015 Android Malware Threat Report: threats caused by Android ransomware and SMS Trojans


Popular Android malware families in the second half of 2015


The most prevalent malware families reported worldwide during the second half of the year were ransomware, SMS-sending applications, and Trojans that steal device data. The industry's overall impression of H2 2015 is that Android malware developers have been focusing on making money from victims at any cost, either by threatening them to obtain cash or by secretly getting them subscribed to expensive and useless paid services.


Malicious apps can pretend to be games or tools to trick users into installing them. Users must be cautious when downloading and installing applications, whether from Google Play or from third-party sources.

Other statistics show that different countries were attacked by the same two malware families. Our data shows that these two families often trade positions among the top five malware families.

However, according to Bitdefender's predictions for 2016 and data from the UK, Germany and Australia, Android ransomware remains very troublesome alongside the aforementioned threats, and more victims will be threatened in the future.

Android ransomware is mostly used in the United States and Germany.

The Android ransomware family Android.Trojan.Slocker, detected by Bitdefender, attacked users in Germany, Australia and the UK in the second half of 2015. In Germany, more than 33.58% of malware reports are related to it; the same conclusion holds in Australia and the UK, where 30.25% and 22.39% of reports are related to it.

However, 45.53% of the ransomware reported worldwide comes from the United States, meaning that nearly half of all Android.Trojan.Slocker reports come from the United States. Germany ranks second worldwide for ransomware, with 32.87% of the total, indicating that these two countries saw the most ransomware attacks in the second half of 2015.


Because this attack is the most common threat in the above countries, we speculate that it is very lucrative and brings huge profits to malware developers. These numbers are not surprising, because we have seen Android ransomware not only becoming more and more complex, but also targeting more and more countries.

SMS malware can also bring huge profits

The Android.Trojan.SMSSend malware family has plagued Android users for the past few years. Some of this malware has even entered Google Play. In addition, malware developers select the United States as the primary target, because more than 78.36% of the world's malware appears in the United States. The United States is not the top country in the report, and the threat in other regions is equally serious: the UK ranks fifth, accounting for 5.68%; the United States ranks second, accounting for 13.55%; Australia ranks fourth, with 6.49%.


Trojan and adware attacks

Despite the absence of a large number of ransomware reports in the United States and Romania, the two countries ranked first in malware and data-theft Trojans. The two malware families Android.Trojan.Agent and Android.Trojan.HiddenApp are not the most popular ransomware.

Android.Trojan.Agent malware: the United States has the largest number of such software, with a threat count accounting for 54.11% of the world's total; Romania is not far behind, with nearly 40.91% of such malware.


The above malware families are usually used to create an environment on the target device that allows other applications to be installed, or simply to steal data on the device. This malware is often disguised as games and distributed through third-party app stores. Although bundling with a game may be effective, once the malicious software is installed on the device, it starts to carry out various intrusions.

Total malware in Romania accounted for 12.46% of the world's total, followed by the United States, Australia and Britain, accounting for 9.21%, 9.19% and 8.84%.

Android.Trojan.HiddenApp has even appeared in Google Play. This malware seems to target only Romania: 73.32% of this malware worldwide is shown to originate from Romania.


In early 2015, Bitdefender reported to Google that about 10 Google Play applications were infected with the malware. The malware used advanced hiding techniques, and it was difficult for ordinary users to remove.

Although this malware is designed to redirect the browser every 60 seconds and push various advertising websites to users, its main purpose is to trick users into downloading other malware disguised as system updates.

These annoying applications require two permissions for installation (Network Communication and System Tool) and then change their process name to "System Manager", which makes it difficult for the user to locate and uninstall the application.


To make the application more effective, the developer must ensure that no matter whether or not the mobile browser is used, the user will see the pop-up advertisement website.

Although the software itself is not malware, it broadcasts sensitive user information to a third party, which is very similar to aggressive adware on the PC. Such pop-up windows, redirections, and ad attacks degrade the user experience and can compromise Android devices.



Disguised applications promise and deliver malware

Malware that our lab calls Android.Trojan.FakeInst pretends to be a free-to-use version of a paid game or app to trick users into installing it. Although disguising malware as a paid game may not be a popular practice, it is interesting that American users are the most likely to install these infected applications from third-party markets. More than 24.15% of U.S. malware is identified as Android.Trojan.FakeInst.

In addition, if we look only at the global situation of this malware, we can see that it is very powerful, with a share of 98.27%. This indicates that other countries may be infected with this type of malware to transmit specific content, which has the greatest impact on the United States. Users in the United States are the main targets of these attacks. They are targeted when they download apps from unofficial app markets or receive phishing emails.


To understand the type of malware, Bitdefender or even malicious software is bound with Android mobile phone security applications and then distributed through various third-party transaction markets.


Needless to say, malware developers will trick victims into downloading infected apps onto their Android devices, and will even use popular apps on Google Play to spread malware.

How can I remove malware to ensure device security?

Android continues to dominate the application market, and malware developers will continue to write code that follows the trend. Whether it steals user data or locks the device so that the user must pay a ransom to regain access, Android malware is an effective way for its developers to make money and is a gateway to other malicious behavior.

After analyzing some of the most popular global malware families, it is obvious that some malware targets specific countries and others are distributed globally.

We strongly recommend that Android users install a mobile security solution to identify malicious applications before installing them, and check the privacy of installed applications.

Avoid downloading apps from anywhere other than Google Play or trusted markets. Applications from other sources are prone to malware, data-theft Trojans, and annoying and aggressive advertisements. We have even found malware in Google Play before. The ways it disguises itself are remarkable, so users must be careful.

About Bitdefender

Bitdefender is a global security technology company that provides solutions for over 100 countries.
