Overview of seven types of malware and viruses on the Android platform

Source: Internet
Author: User

With the growth of the mobile Internet, Android, one of the largest mobile operating systems today, is used by more and more people. However, because the app market is imperfectly regulated, low-quality applications in the Android Market and the proliferation of junk software and malware have caused users great harm. Users face serious security problems on their mobile devices, and threats such as built-in viruses, information theft, and fee deduction keep emerging.

This article outlines the malware and viruses found on the Android platform in seven categories, to help users recognize them and stay vigilant in everyday use, and to protect the platform, personal information, and money.

Category 1: ROM built-in malware/virus

(1) a.privacy.devicestatservice [password theft tricks]

The main feature is that the virus is installed on the user's phone through ROM flashing and shows no startup icon after installation. Once activated, it steals information including the ICCID, IMEI, IMSI, and MSISDN, which threatens user privacy.

(2) a.payment.dg

The main feature is that the virus shows no startup icon after installation. Once activated, it sends fee-deduction messages to a specific SP number at specific times and deletes the related replies. It also connects automatically to a backend server to read and upload information such as the phone's IMEI, IMSI, and phone number, which may leak user privacy.

(3) a.payment.pmx [anti-fraud Service]

The main feature is that the virus shows no startup icon after installation. Once activated, it sends fee-deduction messages to a specific SP number at specific times and deletes the related replies, causing serious economic losses without the user's knowledge. In addition, the virus connects automatically to a backend server to read and upload user information, leaking user privacy.

(4) a.privacy.ju6 [pseudo-Google upgrade]

The main feature is that the virus shows no startup icon after installation. Once activated, it automatically downloads and installs other apps in the background and may uninstall apps already on the phone, which consumes the user's data traffic, causes economic losses, and may expose the user to further security risks. The virus also uploads user data and tracks the user's location, leaking user privacy.

(5) a.payment.dg.a [system killer]

The main feature is that the virus is built into the ROM and holds the highest system privileges. It cannot be uninstalled through normal channels, and it prevents specified security software from being installed. At the same time it sends a large number of fee-deduction text messages and deletes text messages from specified numbers, causing serious economic losses to users.


Category 2: Fee-absorbing malware/viruses

(1) a.payment.smshider

The main feature is that the virus tempts users to download and install it under the name of the "** Beauty hook soul" software. Once activated, it obtains the IMEI number, phone number, and other information and uploads them. It also sends text messages to order certain paid SP services and deletes the sent messages so that users do not notice. This may cause serious economic losses and leak user privacy.

(2) a.payment.mj [Trojan horse]

The main feature is that the virus induces users to download and install it under the name of a normal application. Once activated, it tries to send messages to multiple numbers starting with "106" to order SP high-volume services, and blocks the operator's ordering text messages, causing economic losses while users are unaware.

(3) a.payment.keji [hunger, hunger, and hunger]

Main features: the virus is bundled with normal game software to induce users to install it. After the main program is installed and started, an upgrade prompt is displayed, and the virus package is installed as soon as the user confirms the upgrade; at the same time, the virus tries to use system vulnerabilities to obtain root permission for silent installation. After activation, it sends a message to the number 106 *** 56 every several minutes, blocks messages from 10086, and calls a specified number in the background. The number is set remotely through the server, so the virus may run up large charges. In addition, it terminates some security applications, posing a serious security risk to users' phones.

(4) a.payment.fzbk [fee-absorbing pirate king]

The main feature is that the virus is embedded into a well-known foreign game and spread through several major forums and app markets. The attack is again a concealed SMS fee deduction, with the deduction command and sending time configured in the cloud. After a successful deduction, the virus also sends the phone's IMEI number to a fixed number, possibly for reconciliation when the proceeds are divided.

(5) a.payment.zchess [love trap]

The main feature is that the virus induces users to download and install it under the name "Love **". Each time it is started, it sends a deduction message to a deduction port starting with 106 and deletes the receipt text message. It also collects user information such as the IMSI and geographic location and uploads it to a server, leaking user privacy.
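Several entries above share a manifest-level signature: no startup icon, the ability to send SMS, a receiver that sees incoming SMS before other apps, and automatic start at boot. The following triage script is an added example, not part of the original article; it assumes the APK's AndroidManifest.xml has already been decoded to text XML (for example with apktool), and the sample manifest, finding names, and priority threshold are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
BOOT_COMPLETED = "android.intent.action.BOOT_COMPLETED"
LAUNCHER = "android.intent.category.LAUNCHER"
PRIORITY_THRESHOLD = 1000  # heuristic chosen for this example

# Constructed sample: a decoded AndroidManifest.xml for a hypothetical package
# that combines the traits described in the entries above.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application>
    <service android:name=".CoreService"/>
    <receiver android:name=".SmsFilter">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".BootStart">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def _names(parent, tag):
    """Collect the android:name values of all <tag> elements under parent."""
    return {e.get(NS + "name", "") for e in parent.iter(tag)}

def triage_manifest(xml_text):
    """Return a sorted list of findings for one decoded manifest."""
    root = ET.fromstring(xml_text)
    perms = {n.rsplit(".", 1)[-1] for n in _names(root, "uses-permission")}
    findings = set()
    # "No startup icon": no activity or alias is registered with the launcher.
    if not any(LAUNCHER in _names(e, "category") for e in root.iter()
               if e.tag in ("activity", "activity-alias")):
        findings.add("no-launcher-icon")
    if "SEND_SMS" in perms:            # can send fee-deduction messages
        findings.add("can-send-sms")
    if "READ_PHONE_STATE" in perms:    # gate for IMEI / IMSI / phone number
        findings.add("reads-device-ids")
    for flt in (f for r in root.iter("receiver") for f in r.iter("intent-filter")):
        actions = _names(flt, "action")
        priority = flt.get(NS + "priority", "0")
        priority = int(priority) if priority.lstrip("-").isdigit() else 0
        # Very high priority on SMS_RECEIVED lets a receiver see replies first.
        if SMS_RECEIVED in actions and priority >= PRIORITY_THRESHOLD:
            findings.add("sms-intercept-priority")
        if BOOT_COMPLETED in actions:  # restarts itself after every reboot
            findings.add("starts-on-boot")
    return sorted(findings)

def matches_fee_pattern(findings):
    """Hidden app that can send SMS and pre-empt incoming SMS."""
    return {"no-launcher-icon", "can-send-sms",
            "sms-intercept-priority"} <= set(findings)
```

From Android 4.4 onward only the default SMS app can suppress or delete messages, so the interception finding matters most on older devices and ROMs.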



Category 3: disguised malware/virus

(1) a.payment.adsms [fee deduction trojan for pseudo upgrade]

The main feature is that after installation the virus sends service-order text messages to different SP ports and blocks the operator's fee-deduction SMS notifications, which may cause multiple deductions without the user's knowledge. It also collects private information such as the user's phone number and hardware serial number and sends it back to the virus author, posing a serious security risk. At the same time it automatically downloads apk programs in the background, which may do further harm to phone security.

(2) a.payment.live.a [pseudo google service framework]

The main feature is that the virus is mainly spread by other malware. After that malware is installed, a so-called "User License Agreement" pops up and instructs the user to click. After the user clicks the "OK" button, the virus is silently installed on the phone and disguises itself as a key system program, the "Google service framework": its icon closely imitates the system program, and its name and description differ only slightly. At first glance it looks like the genuine system component and may deceive even professional engineers; ordinary users are even less likely to notice it. It is an independently packaged disguised virus.

(3) a.payment.hippo [pseudo-cool 6 Video]

The main feature is that the virus induces users to download and install it under the name "cool 6 view *". Each time the program is started, it automatically sends "8" to the deduction port "10661566 **" in the background and deletes text messages from numbers starting with "10", causing serious economic losses without the user's knowledge.



Category 4: malware/virus

(1) a.privacy.safesys [root damage King]

The main feature is that the virus is often disguised as a popular small application and pops up a request for root permission during use. If root permission is granted, it downloads other malicious programs in the background and installs them silently, threatening the security of the user's phone.

(2) a.privacy.atools [Universal timer]

The main feature is that the virus is disguised as a timer application and automatically obtains root permission at runtime. It may download and silently install other malicious applications, threatening the security of users' phones.

(3) a.privacy.mmainservice

The main feature is that the virus is often disguised as system software. After it starts, it silently downloads sub-packages from a backend server and silently installs them after cracking root permission. All of this happens without the user's knowledge, posing a serious threat to the security of the user's phone.

(4) a.privacy.AppleService

The main feature is that the virus is often disguised as game software and starts automatically at boot. After starting, it obtains root permission to silently install the virus package, posing a serious threat to the security of the user's phone.

(5) a.privacy.dbsoft [otaku essentials]

The main feature is that the virus is disguised as photo album software to lure users into downloading and installing it. After activation, it uses an Android system vulnerability to obtain root permission, then connects to the Internet without any prompt on the device and downloads and silently installs other malware. This consumes the user's data traffic, may bring high traffic fees, and may affect the normal operation of the phone or of other software.



Category 5: cloud update malware/virus

(1) a.remote.i22hk [cloud directive promoter]

Main features: once activated, the virus automatically uploads the IMEI, IMSI, and other information to http://www.***.hk and obtains cloud commands to control the user's phone: it blocks text messages from specified numbers, modifies browser bookmarks, and downloads unknown programs, posing a serious threat to the security of users' phones.

(2) a.payment.ms

The main feature is that the virus is injected into normal applications to induce users to download and use them. After it activates automatically, it randomly sends fee-deduction text messages to specified SP port numbers in the background while blocking confirmation messages from SP providers, which may cause serious economic losses. The virus server address is http://223.*.*.176/***/trs. The virus also sends the operation records of cloud commands to a specified phone number, leaking user privacy and posing a serious security risk.

(3) a.payment.flashp

Virus description: the virus is disguised as a mobile phone tool to induce users to download it. After installation, it periodically pulls cloud commands from http://cru***.net/flash to get the deduction port number and the content of the fee-deduction text message, sends the fee-deduction SMS, and deletes text messages from the specified port. Fees are thus deducted without the user's knowledge, causing serious economic losses.

(4) a.payment.dg.a [system killer]

Virus description: the virus is built into the ROM and holds the highest system privileges. It cannot be uninstalled through normal channels. In addition, it prevents specified security software from being installed (the list of security software is pulled through cloud commands), sends a large number of fee-deduction messages, and deletes text messages from specified numbers, causing serious economic losses to users.

(5) a.remote.jz [deformation hacker]

The main feature is that the hosts file is regularly uploaded to the specified server lebar.gicp.net, seriously infringing the user's privacy.

(6) a.payment.keji [hunger, hunger, and hunger]

The main feature is that the virus is embedded into many normal applications that have spread across many large forums and app markets. When it attacks, apart from the concealed SMS fee deduction configured in the cloud, it also secretly calls IVR phone numbers. This virus shows that fee deduction has shifted from SMS to IVR.

(7) a.payment.fzbk [fee-absorbing pirate king]

The main feature is that the virus is embedded into a well-known foreign game and spread through several major forums and app markets. The attack is again a concealed SMS fee deduction, with the deduction command and sending time configured in the cloud. After a successful deduction, the virus also sends the phone's IMEI number to a fixed number, possibly for reconciliation when the proceeds are divided.



Category 6: privacy-stealing malware/viruses

(1) a.remote.Netvision

The main feature is that the virus shows no icon after installation and starts automatically at boot. Once running, it monitors the phone's SMS inbox and forwards the content of inbox messages to a specified number according to the commands it receives, posing a serious security threat to user privacy.

(2) a.remote.strategy [privacy hacker]

The main feature is that the virus is often disguised as a popular application to induce users to download and install it. Once activated, it collects user information such as contacts, text messages, and call records in the background and uploads them to a specified server, seriously infringing user privacy. It also attempts to crack the system to obtain root permission, silently install other malicious programs, or uninstall specified anti-virus software, leaving the phone unprotected so that further virus intrusion causes greater losses.

(3) a.privacy.qieqie [theft]

The main feature is that the virus shows no startup icon after installation and stays hidden on the user's phone. Once activated, it monitors the user's SMS in the background; when the user receives a text message, it forwards the message to 138 ****** 88, endangering both the user's property and privacy.

(4) a.remote.CarrierIQ

The main feature is that the virus is usually embedded in the ROM. After starting, it records usage behavior, collects the user's geographic location and current mobile network information, and periodically sends the collected private information back to a specified server, seriously infringing user privacy.

(5) a.privacy.mailx [elder brother]

The main feature is that the virus is spyware that shows no startup icon after installation. It starts automatically in the background, reads the user's SMS messages, call records, QQ token records, and other information, and sends them by email to a specified address, causing serious leakage of private user information.

(6) a.remote.droiddream [privacy thieves]

The main feature is that the virus is often bundled with common applications and games. After installation, it uses system vulnerabilities on the Android platform to obtain root permission on the phone, silently installs its embedded sub-packages in the background, collects the IMEI, IMSI, SDK, and other information on the phone and sends it to a specified server, and downloads other malicious installation packages in the background, posing a serious security threat to user privacy.

Category 7: fraud malware/virus

(1) a.system.go360 [icon Password]

The main feature is that the virus is disguised as a jigsaw puzzle game app to induce users to download and install it. After it starts, several program icons are automatically created on the desktop. Clicking an icon shows a software update prompt that induces the user to download other malicious apps, threatening the security of users' phones.

(2) a.consumption.Lightdd

The main feature is that the virus disguises itself as system notifications to trick users into clicking. Once clicked, it automatically downloads other malicious programs, which consumes a large amount of data traffic, causes economic losses, and threatens the security of users' phones.

(3) a.privacy.Fabrbot

Main features: the virus is bundled with normal software to induce users to install it. After the main program is installed and started, it prompts for an upgrade. Once the user confirms the upgrade, the virus sub-package com.an***id.ba***y is installed; this apk has no icon. It also reads private information such as the address book and sends text messages to a specific number, which leaks user privacy and brings serious security risks to users' phones.

(4) a.consumption.iddIx [pseudo-google system upgrade service]

The main feature is that after activation the virus downloads the virus package in the background without any prompt, consuming data traffic and causing economic losses. After the download completes, a system update prompt is displayed from time to time. Once the user clicks it, the virus package is installed, which may pose a serious security threat. If the user does not click it, the virus keeps prompting from time to time, seriously affecting normal use.

(5) a.consumption.notifier

The main feature is that the virus is disguised as tool software. After installation, when the user downloads and installs software from an app market, the virus shows installation notifications for other software in the system notification bar, inducing users to download and install other malware, which may consume a large amount of data traffic and cause economic losses and phone security risks.

(6) a.consumption.menu

The main feature is that the virus uses the name "menu" to trick users into downloading it. After installation, no desktop icon is displayed. After it starts, it shows notifications in the notification bar to induce the user to download and install other malware; once the user confirms, a large amount of data traffic may be consumed, causing serious economic losses.
