CopyCat is a fully developed malware with vast capabilities, including rooting devices, establishing persistency, and injecting code into Zygote – a daemon responsible for launching apps in the Android operating system – that allows the malware to control any activity on the device.

Andr/Dropr-FH can silently record audio and video, monitor texts and calls, modify files, and ultimately spawn ransomware.

Andr/Dropr-FH is also known as:

The malware, dubbed Judy, is an auto-clicking adware which was found on 41 apps developed by a Korean company. The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it.

The trojan waits in hiding until the user opens a banking or social media app. When this happens, the trojan shows an HTML-based overlay on top of the original app, alerting the user of an error, and asking to reauthenticate. Red Alert then collects the user’s credentials and sends them to its C&C server.

Tizi is a fully featured backdoor that installs spyware to steal sensitive data from popular social media applications. The Google Play Protect security team discovered this family in September 2017 when device scans found an app with rooting capabilities that exploited old vulnerabilities. The team used this app to find more applications in the Tizi family, the oldest of which is from October 2015. The Tizi app developer also created a website and used social media to encourage more app installs from Google Play and third-party websites.

DoubleLocker can change the device’s PIN, preventing victims from accessing their devices, and also encrypts the data requesting a ransom. It will misuse accessibility services after being installed by impersonating the Adobe Flash player - similar to BankBot.

Svpeng is a Banking trojan which acts as a keylogger. If the Android device is not Russian, Svpeng will ask for permission to use accessibility services. In abusing this service it will gain administrator rights allowing it to draw over other apps, send and receive SMS and take screenshots when keys are pressed.

Svpeng is also known as:

LokiBot is a banking trojan for Android 4.0 and higher. It can steal the information and send SMS messages. It has the ability to start web browsers, and banking applications, along with showing notifications impersonating other apps. Upon attempt to remove it will encrypt the devices' external storage requiring Bitcoins to decrypt files.

The main goal of this malware is to steal banking credentials from the victim’s device. It usually impersonates flash player updaters, android system tools, or other legitimate applications.

In rooted devices, Viking Horde installs software and executes code remotely to get access to the mobile data.

A Chinese advertising company has developed this malware. The malware has the power to take control of devices; it forces users to click advertisements and download apps. The malware uses a multistage attack chain.

Ackposts is a Trojan horse for Android devices that steals the Contacts information from the compromised device and sends it to a predetermined location.

Wirex is a Trojan horse for Android devices that opens a backdoor on the compromised device which then joins a botnet for conducting click fraud.

WannaLocker is a strain of ransomware for Android devices that encrypts files on the device’s external storage and demands a payment to decrypt them.

Switcher is a Trojan horse for Android devices that modifies Wi-Fi router DNS settings. Swticher attempts to infiltrate a router’s admin interface on the devices' WIFI network by using brute force techniques. If the attack succeeds, Switcher alters the DNS settings of the router, making it possible to reroute DNS queries to a network controlled by the malicious actors.

Vibleaker was an app available on the Google Play Store named Beaver Gang Counter that contained malicious code that after specific orders from its maker would scan the user’s phone for the Viber app, and then steal photos and videos recorded or sent through the app.

ExpensiveWall is Android malware that sends fraudulent premium SMS messages and charges users accounts for fake services without their knowledge

Cepsohord is a Trojan horse for Android devices that uses compromised devices to commit click fraud, modify DNS settings, randomly delete essential files, and download additional malware such as ransomware.

Fakem RAT makes their network traffic look like well-known protocols (e.g. Messenger traffic, HTML pages).

GM Bot – also known as Acecard, SlemBunk, or Bankosy – scams people into giving up their banking log-in credentials and other personal data by displaying overlays that look nearly identical to banking apps log-in pages. Subsequently, the malware intercepts SMS to obtain two-factor authentication PINs, giving cybercriminals full access to bank accounts.

GM Bot is also known as:

The Wormhole vulnerability in the Moplus SDK could be exploited by hackers to open an unsecured and unauthenticated HTTP server connection on the user’s device, and this connection is established in the background without the user’s knowledge.

Adwind is a backdoor written purely in Java that targets system supporting the Java runtime environment. Commands that can be used, among other things, to display messages on the system, open URLs, update the malware, download/execute files, and download/load plugins. According to the author, the backdoor component can run on Windows, Mac OS, Linux and Android platforms providing rich capabilities for remote control, data gathering, data exfiltration and lateral movement.

Adwind is also known as:

Adsms is a Trojan horse that may send SMS messages from Android devices.

Airpush is a very aggresive Ad - Network

Airpush is also known as:

BeanBot forwards device’s data to a remote server and sends out premium-rate SMS messages from the infected device.

Kemoge is adware that disguises itself as popular apps via repackaging, then allows for a complete takeover of the users Android device.

Ghost Push is a family of malware that infects the Android OS by automatically gaining root access, downloading malicious software, masquerading as a system app, and then losing root access, which then makes it virtually impossible to remove the infection even by factory reset unless the firmware is reflashed.

The BeNews app is a backdoor app that uses the name of defunct news site BeNews to appear legitimate. After installation it bypasses restrictions and downloads additional threats to the compromised device.

Accstealer is a Trojan horse for Android devices that steals information from the compromised device.

Acnetdoor is a detection for Trojan horses on the Android platform that open a back door on the compromised device.

Acnetsteal is a detection for Trojan horses on the Android platform that steal information from the compromised device.

Actech is a Trojan horse for Android devices that steals information and sends it to a remote location.

AdChina is an advertisement library that is bundled with certain Android applications.

Adfonic is an advertisement library that is bundled with certain Android applications.

AdInfo is an advertisement library that is bundled with certain Android applications.

Adknowledge is an advertisement library that is bundled with certain Android applications.

AdMarvel is an advertisement library that is bundled with certain Android applications.

AdMob is an advertisement library that is bundled with certain Android applications.

Adrd is a Trojan horse that steals information from Android devices.

Aduru is an advertisement library that is bundled with certain Android applications.

Adwhirl is an advertisement library that is bundled with certain Android applications.

Adwlauncher is a Trojan horse for Android devices that steals information from the compromised device.

Adwo is an advertisement library that is bundled with certain Android applications.

Airad is an advertisement library that is bundled with certain Android applications.

Alienspy is a Trojan horse for Android devices that steals information from the compromised device. It may also download potentially malicious files.

AmazonAds is an advertisement library that is bundled with certain Android applications.

Answerbot is a Trojan horse that opens a back door on Android devices.

Antammi is a Trojan horse that steals information from Android devices.

Apkmore is an advertisement library that is bundled with certain Android applications.

Aplog is a Trojan horse for Android devices that steals information from the device.

Appenda is an advertisement library that is bundled with certain Android applications.

Apperhand is an advertisement library that is bundled with certain Android applications.

Appleservice is a Trojan horse for Android devices that may steal information from the compromised device.

AppLovin is an advertisement library that is bundled with certain Android applications.

Arspam is a Trojan horse for Android devices that sends spam SMS messages to contacts on the compromised device.

Aurecord is a spyware application for Android devices that allows the device it is installed on to be monitored.

Backapp is a Trojan horse for Android devices that steals information from the compromised device.

Backdexer is a Trojan horse for Android devices that may send premium-rate SMS messages from the compromised device.

Backflash is a Trojan horse for Android devices that opens a back door and steals information from the compromised device.

Backscript is a Trojan horse for Android devices that downloads files onto the compromised device.

Badaccents is a Trojan horse for Android devices that may download apps on the compromised device.

Badpush is an advertisement library that is bundled with certain Android applications.

Ballonpop is a Trojan horse for Android devices that steals information from the compromised device.

Bankosy is a Trojan horse for Android devices that steals information from the compromised device.

Bankun is a Trojan horse for Android devices that replaces certain banking applications on the compromised device.

Basebridge is a Trojan horse that attempts to send premium-rate SMS messages to predetermined numbers.

Basedao is a Trojan horse for Android devices that steals information from the compromised device.

Batterydoctor is Trojan that makes exaggerated claims about the device’s ability to recharge the battery, as well as steal information.

Beaglespy is an Android mobile detection for the Beagle spyware program as well as its associated client application.

Becuro is a Trojan horse for Android devices that downloads potentially malicious files onto the compromised device.

Beita is a Trojan horse for Android devices that steals information from the compromised device.

Bgserv is a Trojan that opens a back door and transmits information from the device to a remote location.

Biigespy is an Android mobile detection for the Biige spyware program as well as its associated client application.

Bmaster is a Trojan horse on the Android platform that opens a back door, downloads files and steals potentially confidential information from the compromised device.

Bossefiv is a Trojan horse for Android devices that steals information.

Boxpush is an advertisement library that is bundled with certain Android applications.

Burstly is an advertisement library that is bundled with certain Android applications.

Buzzcity is an advertisement library that is bundled with certain Android applications.

ByPush is an advertisement library that is bundled with certain Android applications.

Cajino is a Trojan horse for Android devices that opens a back door on the compromised device.

Casee is an advertisement library that is bundled with certain Android applications.

Catchtoken is a Trojan horse for Android devices that intercepts SMS messages and opens a back door on the compromised device.

Cauly is an advertisement library that is bundled with certain Android applications.

Cellshark is a spyware application for Android devices that periodically gathers information from the device and uploads it to a predetermined location.

Centero is a Trojan horse for Android devices that displays advertisements on the compromised device.

Chuli is a Trojan horse for Android devices that opens a back door and may steal information from the compromised device.

Citmo is a Trojan horse for Android devices that steals information from the compromised device.

Claco is a Trojan horse for Android devices that steals information from the compromised device.

Clevernet is an advertisement library that is bundled with certain Android applications.

Cnappbox is an advertisement library that is bundled with certain Android applications.

Cobblerone is a spyware application for Android devices that can track the phone’s location and remotely erase the device.

Coolpaperleak is a Trojan horse for Android devices that steals information and sends it to a remote location.

Coolreaper is a Trojan horse for Android devices that opens a back door on the compromised device. It may also steal information and download potentially malicious files.

Cosha is a spyware program for Android devices that monitors and sends certain information to a remote location.

Counterclank is a Trojan horse for Android devices that steals information.

Crazymedia is an advertisement library that is bundled with certain Android applications.

Crisis is a Trojan horse for Android devices that opens a back door and steals information from the compromised device.

Crusewind is a Trojan horse for Android devices that sends SMS messages to a premium-rate number.

Dandro is a Trojan horse for Android devices that allows a remote attacker to gain control over the device and steal information from it.

Daoyoudao is an advertisement library that is bundled with certain Android applications.

Deathring is a Trojan horse for Android devices that may perform malicious activities on the compromised device.

Deeveemap is a Trojan horse for Android devices that downloads potentially malicious files onto the compromised device.

Dendoroid is a Trojan horse for Android devices that opens a back door, steals information, and may perform other malicious activities on the compromised device.

Dengaru is a Trojan horse for Android devices that performs click-fraud from the compromised device.

Diandong is an advertisement library that is bundled with certain Android applications.

Dianjin is an advertisement library that is bundled with certain Android applications.

Dogowar is a Trojan horse on the Android platform that sends SMS texts to all contacts on the device. It is a repackaged version of a game application called Dog Wars, which can be downloaded from a third party market and must be manually installed.

Domob is an advertisement library that is bundled with certain Android applications.

Dougalek is a Trojan horse for Android devices that steals information from the compromised device. The threat is typically disguised to display a video.

Dowgin is an advertisement library that is bundled with certain Android applications.

Droidsheep is a hacktool for Android devices that hijacks social networking accounts on compromised devices.

Dropdialer is a Trojan horse for Android devices that sends SMS messages to a premium-rate phone number.

Dupvert is a Trojan horse for Android devices that opens a back door and steals information from the compromised device. It may also perform other malicious activities.

Dynamicit is an advertisement library that is bundled with certain Android applications.

Ecardgrabber is an application that attempts to read details from NFC enabled credit cards. It attempts to read information from NFC enabled credit cards that are in close proximity.

Ecobatry is a Trojan horse for Android devices that steals information and sends it to a remote location.

Enesoluty is a Trojan horse for Android devices that steals information and sends it to a remote location.

Everbadge is an advertisement library that is bundled with certain Android applications.

Ewalls is a Trojan horse for the Android operating system that steals information from the mobile device.

Exprespam is a Trojan horse for Android devices that displays a fake message and steals personal information stored on the compromised device.

Fakealbums is a Trojan horse for Android devices that monitors and forwards received messages from the compromised device.

Fakeangry is a Trojan horse on the Android platform that opens a back door, downloads files, and steals potentially confidential information from the compromised device.

Fakeapp is a Trojan horse for Android devices that downloads configuration files to display advertisements and collects information from the compromised device.

Fakebanco is a Trojan horse for Android devices that redirects users to a phishing page in order to steal their information.

Fakebank is a Trojan horse that steals information from the compromised device.

Fakebank.B is a Trojan horse for Android devices that opens a back door and steals information from the compromised device.

Fakebok is a Trojan horse for Android devices that sends SMS messages to premium phone numbers.

Fakedaum is a Trojan horse for Android devices that steals information from the compromised device.

Fakedefender is a Trojan horse for Android devices that displays fake security alerts in an attempt to convince the user to purchase an app in order to remove non-existent malware or security risks from the device.

Fakedefender.B is a Trojan horse for Android devices that displays fake security alerts in an attempt to convince the user to purchase an app in order to remove non-existent malware or security risks from the device.

Fakedown is a Trojan horse for Android devices that downloads more malicious apps onto the compromised device.

Fakeflash is a Trojan horse for Android devices that installs a fake Flash application in order to direct users to a website.

Fakegame is a Trojan horse for Android devices that displays advertisements and steals information from the compromised device.

Fakeguard is a Trojan horse for Android devices that steals information from the compromised device.

Fakejob is a Trojan horse for Android devices that redirects users to scam websites.

Fakekakao is a Trojan horse for Android devices sends SMS messages to contacts stored on the compromised device.

Fakelemon is a Trojan horse for Android devices that blocks certain SMS messages and may subscribe to services without the user’s consent.

Fakelicense is a Trojan horse that displays advertisements on the compromised device.

Fakelogin is a Trojan horse for Android devices that steals information from the compromised device.

FakeLookout is a Trojan horse for Android devices that opens a back door and steals information on the compromised device.

FakeMart is a Trojan horse for Android devices that may send SMS messages to premium rate numbers. It may also block incoming messages and steal information from the compromised device.

Fakemini is a Trojan horse for Android devices that disguises itself as an installation for the Opera Mini browser and sends premium-rate SMS messages to a predetermined number.

Fakemrat is a Trojan horse for Android devices that opens a back door and steals information from the compromised device.

Fakeneflic is a Trojan horse that steals information from Android devices.

Fakenotify is a Trojan horse for Android devices that sends SMS messages to premium-rate phone numbers, collects and sends information, and periodically displays Web pages. It also downloads legitimate apps onto the compromised device.

Fakepatch is a Trojan horse for Android devices that downloads more files on to the device.

Fakeplay is a Trojan horse for Android devices that steals information from the compromised device and sends it to a predetermined email address.

Fakescarav is a Trojan horse for Android devices that displays fake security alerts in an attempt to convince the user to pay in order to remove non-existent malware or security risks from the device.

Fakesecsuit is a Trojan horse for Android devices that steals information from the compromised device.

Fakesucon is a Trojan horse program for Android devices that sends SMS messages to premium-rate phone numbers.

Faketaobao is a Trojan horse for Android devices that steals information from the compromised device.

Faketaobao.B is a Trojan horse for Android devices that intercepts and and sends incoming SMS messages to a remote attacker.

Faketoken is a Trojan horse that opens a back door on the compromised device.

Fakeupdate is a Trojan horse for Android devices that downloads other applications onto the compromised device.

Fakevoice is a Trojan horse for Android devices that dials a premium-rate phone number.

Farmbaby is a spyware application for Android devices that logs certain information and sends SMS messages to a predetermined phone number.

Fauxtocopy is a spyware application for Android devices that gathers photos from the device and sends them to a predetermined email address.

Feiwo is an advertisement library that is bundled with certain Android applications.

FindAndCall is a Potentially Unwanted Application for Android devices that may leak information.

Finfish is a Trojan horse for Android devices that opens a back door and steals information from the compromised device.

Fireleaker is a Trojan horse for Android devices that steals information from the compromised device.

Fitikser is a Trojan horse for Android devices that steals information from the compromised device.

Flexispy is a Spyware application for Android devices that logs the device’s activity and sends it to a predetermined website.

Fokonge is a Trojan horse that steals information from Android devices.

FoncySMS is a Trojan horse for Android devices that sends SMS messages to premium-rate phone numbers. It may also connect to an IRC server and execute any received shell commands.

Frogonal is a Trojan horse for Android devices that steals information from the compromised device.

Ftad is an advertisement library that is bundled with certain Android applications.

Funtasy is a Trojan horse for Android devices that subscribes the user to premium SMS services.

GallMe is an advertisement library that is bundled with certain Android applications.

Gamex is a Trojan horse for Android devices that downloads further threats.

Gappusin is a Trojan horse for Android devices that downloads applications and disguises them as system updates.

Gazon is a worm for Android devices that spreads through SMS messages.

Geinimi is a Trojan that opens a back door and transmits information from the device to a remote location.

Generisk is a generic detection for Android applications that may pose a privacy, security, or stability risk to the user or user’s Android device.

Genheur is a generic detection for many individual but varied Trojans for Android devices for which specific definitions have not been created. A generic detection is used because it protects against many Trojans that share similar characteristics.

Genpush is an advertisement library that is bundled with certain Android applications.

GeoFake is a Trojan horse for Android devices that sends SMS messages to premium-rate numbers.

Geplook is a Trojan horse for Android devices that downloads additional apps onto the compromised device.

Getadpush is an advertisement library that is bundled with certain Android applications.

Ggtracker is a Trojan horse for Android devices that sends SMS messages to a premium-rate number. It may also steal information from the device.

Ghostpush is a Trojan horse for Android devices that roots the compromised device. It may then perform malicious activities on the compromised device.

Gmaster is a Trojan horse on the Android platform that steals potentially confidential information from the compromised device.

Godwon is a Trojan horse for Android devices that steals information.

Golddream is a Trojan horse that steals information from Android devices.

Goldeneagle is a Trojan horse that steals information from Android devices.

Golocker is a Trojan horse for Android devices that steals information from the compromised device.

Gomal is a Trojan horse for Android devices that steals information from the compromised device.

Gonesixty is a Trojan horse that steals information from Android devices.

Gonfu is a Trojan horse that steals information from Android devices.

Gonfu.B is a Trojan horse that steals information from Android devices.

Gonfu.C is a Trojan horse for Android devices that may download additional threats on the compromised device.

Gonfu.D is a Trojan horse that opens a back door on Android devices.

Gooboot is a Trojan horse for Android devices that may send text messages to premium rate numbers.

Goodadpush is an advertisement library that is bundled with certain Android applications.

Greystripe is an advertisement library that is bundled with certain Android applications.

Gugespy is a spyware program for Android devices that logs the device’s activity and sends it to a predetermined email address.

Gugespy.B is a spyware program for Android devices that monitors and sends certain information to a remote location.

Gupno is a Trojan horse for Android devices that poses as a legitimate app and attempts to charge users for features that are normally free. It may also display advertisements on the compromised device.

Habey is a Trojan horse for Android devices that may attempt to delete files and send SMS messages from the compromised device.

Handyclient is an advertisement library that is bundled with certain Android applications.

Hehe is a Trojan horse for Android devices that blocks incoming calls and SMS messages from specific numbers. The Trojan also steals information from the compromised device.

Hesperbot is a Trojan horse for Android devices that opens a back door on the compromised device and may steal information.

Hippo is a Trojan horse that sends SMS messages to premium-rate phone numbers.

Hippo.B is a Trojan horse that sends SMS messages to premium-rate phone numbers.

IadPush is an advertisement library that is bundled with certain Android applications.

iBanking is a Trojan horse for Android devices that opens a back door on the compromised device and may steal information.

Iconosis is a Trojan horse for Android devices that steals information from the compromised device.

Iconosys is a Trojan horse for Android devices that steals information from the compromised device.

Igexin is an advertisement library that is bundled with certain Android applications. Igexin has the capability of spying on victims through otherwise benign apps by downloading malicious plugins,

Igexin is also known as:

ImAdPush is an advertisement library that is bundled with certain Android applications.

InMobi is an advertisement library that is bundled with certain Android applications.

Jifake is a Trojan horse for Android devices that sends SMS messages to premium-rate phone numbers.

Jollyserv is a Trojan horse for Android devices that sends SMS messages and steals information from the compromised device.

Jsmshider is a Trojan horse that opens a back door on Android devices.

Ju6 is an advertisement library that is bundled with certain Android applications.

Jumptap is an advertisement library that is bundled with certain Android applications.

Jzmob is an advertisement library that is bundled with certain Android applications.

Kabstamper is a Trojan horse for Android devices that corrupts images found on the compromised device.

Kidlogger is a Spyware application for Android devices that logs the device’s activity and sends it to a predetermined website.

Kielog is a Trojan horse for Android devices that logs keystrokes and sends the stolen information to the remote attacker.

Kituri is a Trojan horse for Android devices that blocks certain SMS messages from being received by the device. It may also send SMS messages to a premium-rate number.

Kranxpay is a Trojan horse for Android devices that downloads other apps onto the device.

Krysanec is a Trojan horse for Android devices that opens a back door on the compromised device.

Kuaidian360 is an advertisement library that is bundled with certain Android applications.

Kuguo is an advertisement library that is bundled with certain Android applications.

Lastacloud is a Trojan horse for Android devices that steals information from the compromised device.

Laucassspy is a spyware program for Android devices that steals information and sends it to a remote location.

Lifemonspy is a spyware application for Android devices that can track the phone’s location, download SMS messages, and erase certain data from the device.

Lightdd is a Trojan horse that steals information from Android devices.

Loaderpush is an advertisement library that is bundled with certain Android applications.

Locaspy is a Potentially Unwanted Application for Android devices that tracks the location of the compromised device.

Lockdroid.E is a Trojan horse for Android devices that locks the screen and displays a ransom demand on the compromised device.

Lockdroid.F is a Trojan horse for Android devices that locks the screen and displays a ransom demand on the compromised device.

Lockdroid.G is a Trojan horse for Android devices that may display a ransom demand on the compromised device.

Lockdroid.H is a Trojan horse for Android devices that locks the screen and displays a ransom demand on the compromised device.

Lockscreen is a Trojan horse for Android devices that locks the compromised device from use.

LogiaAd is an advertisement library that is bundled with certain Android applications.

Loicdos is an Android application that provides an interface to a website in order to perform a denial of service (DoS) attack against a computer.

Loozfon is a Trojan horse for Android devices that steals information from the compromised device.

Lotoor is a generic detection for hack tools that exploit vulnerabilities in order to gain root privileges on compromised Android devices.

Lovespy is a Trojan horse for Android devices that steals information from the device.

Lovetrap is a Trojan horse that sends SMS messages to premium-rate phone numbers.

Luckycat is a Trojan horse for Android devices that opens a back door and steals information on the compromised device.

Machinleak is a Trojan horse for Android devices that steals information from the compromised device.

Maistealer is a Trojan that steals information from Android devices.

Malapp is a generic detection for many individual but varied threats on Android devices that share similar characteristics.

Malebook is a Trojan horse for Android devices that steals information from the compromised device.

Malhome is a Trojan horse for Android devices that steals information from the compromised device.

Malminer is a Trojan horse for Android devices that mines cryptocurrencies on the compromised device.

Mania is a Trojan horse for Android devices that sends SMS messages to a premium-rate phone number.

Maxit is a Trojan horse for Android devices that opens a back door on the compromised device. It also steals certain information and uploads it to a remote location.

MdotM is an advertisement library that is bundled with certain Android applications.

Medialets is an advertisement library that is bundled with certain Android applications.

Meshidden is a spyware application for Android devices that allows the device it is installed on to be monitored.

Mesploit is a tool for Android devices used to create applications that exploit the Android Fake ID vulnerability.

Mesprank is a Trojan horse for Android devices that opens a back door on the compromised device.

Meswatcherbox is a spyware application for Android devices that forwards SMS messages without the user knowing.

Miji is an advertisement library that is bundled with certain Android applications.

Milipnot is a Trojan horse for Android devices that steals information from the compromised device.

MillennialMedia is an advertisement library that is bundled with certain Android applications.

Mitcad is an advertisement library that is bundled with certain Android applications.

MobClix is an advertisement library that is bundled with certain Android applications.

MobFox is an advertisement library that is bundled with certain Android applications.

Mobidisplay is an advertisement library that is bundled with certain Android applications.

Mobigapp is a Trojan horse for Android devices that downloads applications disguised as system updates.

MobileBackup is a spyware application for Android devices that monitors the affected device.

Mobilespy is a Trojan horse that steals information from Android devices.

Mobiletx is a Trojan horse for Android devices that steals information from the compromised device. It may also send SMS messages to a premium-rate number.

Mobinaspy is a spyware application for Android devices that can track the device’s location.

Mobus is an advertisement library that is bundled with certain Android applications.

MobWin is an advertisement library that is bundled with certain Android applications.

Mocore is an advertisement library that is bundled with certain Android applications.

Moghava is a Trojan horse for Android devices that modifies images that are stored on the device.

Momark is an advertisement library that is bundled with certain Android applications.

Monitorello is a spyware application for Android devices that allows the device it is installed on to be monitored.

Moolah is an advertisement library that is bundled with certain Android applications.

MoPub is an advertisement library that is bundled with certain Android applications.

Morepaks is a Trojan horse for Android devices that downloads remote files and may display advertisements on the compromised device.

Nandrobox is a Trojan horse for Android devices that steals information from the compromised device. It also deletes certain SMS messages from the device.

Netisend is a Trojan horse that steals information from Android devices.

Nickispy is a Trojan horse that steals information from Android devices.

Notcompatible is a Trojan horse for Android devices that acts as a proxy.

Nuhaz is a Trojan horse for Android devices that may intercept text messages on the compromised device.

Nyearleaker is a Trojan horse program for Android devices that steals information.

Obad is a Trojan horse for Android devices that opens a back door, steals information, and downloads files. It also sends SMS messages to premium-rate numbers and spreads malware to Bluetooth-enabled devices.

Oneclickfraud is a Trojan horse for Android devices that attempts to coerce a user into paying for a pornographic service.

Opfake is a detection for Trojan horses on the Android platform that send SMS texts to premium-rate numbers.

Opfake.B is a Trojan horse for the Android platform that may receive commands from a remote attacker to perform various functions.

Ozotshielder is a Trojan horse that steals information from Android devices.

Pafloat is an advertisement library that is bundled with certain Android applications.

PandaAds is an advertisement library that is bundled with certain Android applications.

Pandbot is a Trojan horse for Android devices that may download more files onto the device.

Pdaspy is a spyware application for Android devices that periodically gathers information from the device and uploads it to a predetermined location.

Penetho is a hacktool for Android devices that can be used to crack the WiFi password of the router that the device is using.

Perkel is a Trojan horse for Android devices that may steal information from the compromised device.

Phimdropper is a Trojan horse for Android devices that sends and intercepts incoming SMS messages.

Phospy is a Trojan horse for Android devices that steals confidential information from the compromised device.

Piddialer is a Trojan horse for Android devices that dials premium-rate numbers from the compromised device.

Pikspam is a Trojan horse for Android devices that sends spam SMS messages from the compromised device.

Pincer is a Trojan horse for Android devices that steals confidential information and opens a back door on the compromised device.

Pirator is a Trojan horse on the Android platform that downloads files and steals potentially confidential information from the compromised device.

Pjapps is a Trojan horse that has been embedded on third party applications and opens a back door on the compromised device. It retrieves commands from a remote command and control server.

Pjapps.B is a Trojan horse for Android devices that opens a back door on the compromised device.

Pletora is a is a Trojan horse for Android devices that may lock the compromised device. It then asks the user to pay in order to unlock the device.

Poisoncake is a Trojan horse for Android devices that opens a back door on the compromised device. It may also download potentially malicious files and steal information.

Pontiflex is an advertisement library that is bundled with certain Android applications.

Positmob is a Trojan horse program for Android devices that sends SMS messages to premium rate phone numbers.

Premiumtext is a detection for Trojan horses on the Android platform that send SMS texts to premium-rate numbers. These Trojans will often be repackaged versions of genuine Android software packages, often distributed outside the Android Marketplace.

Pris is a Trojan horse for Android devices that silently downloads a malicious application and attempts to open a back door on the compromised device.

Qdplugin is a Trojan horse for Android devices that opens a back door and steals information from the compromised device.

Qicsomos is a Trojan horse for Android devices that sends SMS messages to a premium-rate phone number.

Qitmo is a Trojan horse for Android devices that steals information from the compromised device.

Rabbhome is a Trojan horse for Android devices that steals information from the compromised device.

Repane is a Trojan horse for Android devices that steals information and sends SMS messages from the compromised device.

Reputation.1 is a detection for Android files based on analysis performed by Norton Mobile Insight.

Reputation.2 is a detection for Android files based on analysis performed by Norton Mobile Insight.

Reputation.3 is a detection for Android files based on analysis performed by Norton Mobile Insight.

RevMob is an advertisement library that is bundled with certain Android applications.

Roidsec is a Trojan horse for Android devices that steals confidential information.

Rootcager is a Trojan horse that steals information from Android devices.

Rootnik is a Trojan horse for Android devices that steals information and downloads additional apps.

Rufraud is a Trojan horse for Android devices that sends SMS messages to premium-rate phone numbers.

Rusms is a Trojan horse for Android devices that sends SMS messages and steals information from the compromised device.

Samsapo is a worm for Android devices that spreads by sending SMS messages to all contacts stored on the compromised device. It also opens a back door and downloads files.

Sandorat is a Trojan horse for Android devices that opens a back door on the compromised device. It also steals information.

Sberick is a Trojan horse for Android devices that steals information from the compromised device.

Scartibro is a Trojan horse for Android devices that locks the compromised device and asks the user to pay in order to unlock it.

Scipiex is a Trojan horse for Android devices that steals information from the compromised device.

Selfmite is a worm for Android devices that spreads through SMS messages.

Selfmite.B is a worm for Android devices that displays ads on the compromised device. It spreads through SMS messages.

SellARing is an advertisement library that is bundled with certain Android applications.

SendDroid is an advertisement library that is bundled with certain Android applications.

Simhosy is a Trojan horse for Android devices that steals information from the compromised device.

Simplocker is a Trojan horse for Android devices that may encrypt files on the compromised device. It then asks the user to pay in order to decrypt these files.

Simplocker.B is a Trojan horse for Android devices that may encrypt files on the compromised device. It then asks the user to pay in order to decrypt these files.

Skullkey is a Trojan horse for Android devices that gives the attacker remote control of the compromised device to perform malicious activity.

Smaato is an advertisement library that is bundled with certain Android applications.

Smbcheck is a hacktool for Android devices that can trigger a Server Message Block version 2 (SMBv2) vulnerability and may cause the target computer to crash.

Smsblocker is a generic detection for threats on Android devices that block the transmission of SMS messages.

Smsbomber is a program that can be used to send messages to contacts on the device.

Smslink is a Trojan horse for Android devices that may send malicious SMS messages from the compromised device. It may also display advertisements.

Smspacem is a Trojan horse that may send SMS messages from Android devices.

SMSReplicator is a spying utility that will secretly transmit incoming SMS messages to another phone of the installer’s choice.

Smssniffer is a Trojan horse that intercepts SMS messages on Android devices.

Smsstealer is a Trojan horse for Android devices that steals information from the compromised device.

Smstibook is a Trojan horse that attempts to send premium-rate SMS messages to predetermined numbers.

Smszombie is a Trojan horse for Android devices that steals information from the compromised device.

Snadapps is a Trojan horse that steals information from Android devices.

Sockbot is a Trojan horse for Android devices that creates a SOCKS proxy on the compromised device.

Sockrat is a Trojan horse for Android devices that opens a back door and steals information from the compromised device.

Sofacy is a Trojan horse for Android devices that steals information from the compromised device.

Sosceo is an advertisement library that is bundled with certain Android applications.

Spitmo is a Trojan horse that steals information from Android devices.

Spitmo.B is a Trojan horse for Android devices that steals information from the compromised device.

Spyagent is a spyware application for Android devices that logs certain information and sends SMS messages to a predetermined phone number.

Spybubble is a Spyware application for Android devices that logs the device’s activity and sends it to a predetermined website.

Spydafon is a Potentially Unwanted Application for Android devices that monitors the affected device.

Spymple is a spyware application for Android devices that allows the device it is installed on to be monitored.

Spyoo is a spyware program for Android devices that records and sends certain information to a remote location.

Spytekcell is a spyware program for Android devices that monitors and sends certain information to a remote location.

Spytrack is a spyware program for Android devices that periodically sends certain information to a remote location.

Spywaller is a Trojan horse for Android devices that steals information from the compromised device.

Stealthgenie is a Trojan horse for Android devices that steals information from the compromised device.

Steek is a potentially unwanted application that is placed on a download website for Android applications and disguised as popular applications.

Stels is a Trojan horse for Android devices that opens a back door and steals information from the compromised device.

Stiniter is a Trojan horse for Android devices that sends SMS messages to a premium-rate phone number.

Sumzand is a Trojan horse for Android devices that steals information and sends it to a remote location.

Sysecsms is a Trojan horse for Android devices that steals information from the compromised device.

Tanci is an advertisement library that is bundled with certain Android applications.

Tapjoy is an advertisement library that is bundled with certain Android applications.

Tapsnake is a Trojan horse for Android phones that is embedded into a game. It tracks the phone’s location and posts it to a remote web service.

Tascudap is a Trojan horse for Android devices that uses the compromised device in denial of service attacks.

Teelog is a Trojan horse for Android devices that opens a back door and steals information from the compromised device.

Temai is a Trojan horse for Android applications that opens a back door and downloads malicious files onto the compromised device.

Tetus is a Trojan horse for Android devices that steals information from the compromised device.

Tgpush is an advertisement library that is bundled with certain Android applications.

Tigerbot is a Trojan horse for Android devices that opens a back door on the compromised device.

Tonclank is a Trojan horse that steals information and may open a back door on Android devices.

Trogle is a worm for Android devices that may steal information from the compromised device.

Twikabot is a Trojan horse for Android devices that attempts to steal information.

Uapush is a Trojan horse for Android devices that steals information from the compromised device. It may also display advertisements and send SMS messages from the compromised device.

Umeng is an advertisement library that is bundled with certain Android applications.

Updtbot is a Trojan horse for Android devices that may arrive through SMS messages. It may then open a back door on the compromised device.

Upush is an advertisement library that is bundled with certain Android applications.

Uracto is a Trojan horse for Android devices that steals personal information and sends spam SMS messages to contacts found on the compromised device.

Uranico is a Trojan horse for Android devices that steals information from the compromised device.

Usbcleaver is a Trojan horse for Android devices that steals information from the compromised device.

Utchi is an advertisement library that is bundled with certain Android applications.

Uten is a Trojan horse for Android devices that may send, block, and delete SMS messages on a compromised device. It may also download and install additional applications and attempt to gain root privileges.

Uupay is a Trojan horse for Android devices that steals information from the compromised device. It may also download additional malware.

Uxipp is a Trojan horse that attempts to send premium-rate SMS messages to predetermined numbers.

Vdloader is a Trojan horse for Android devices that opens a back door on the compromised device and steals confidential information.

VDopia is an advertisement library that is bundled with certain Android applications.

Virusshield is a Trojan horse for Android devices that claims to scan apps and protect personal information, but has no real functionality.

VServ is an advertisement library that is bundled with certain Android applications.

Walkinwat is a Trojan horse that steals information from the compromised device.

Waps is an advertisement library that is bundled with certain Android applications.

Waren is an advertisement library that is bundled with certain Android applications.

Windseeker is a Trojan horse for Android devices that steals information from the compromised device.

Wiyun is an advertisement library that is bundled with certain Android applications.

Wooboo is an advertisement library that is bundled with certain Android applications.

Wqmobile is an advertisement library that is bundled with certain Android applications.

YahooAds is an advertisement library that is bundled with certain Android applications.

Yatoot is a Trojan horse for Android devices that steals information from the compromised device.

Yinhan is an advertisement library that is bundled with certain Android applications.

Youmi is an advertisement library that is bundled with certain Android applications.

YuMe is an advertisement library that is bundled with certain Android applications.

Zeahache is a Trojan horse that elevates privileges on the compromised device.

ZertSecurity is a Trojan horse for Android devices that steals information and sends it to a remote attacker.

ZestAdz is an advertisement library that is bundled with certain Android applications.

Zeusmitmo is a Trojan horse for Android devices that opens a back door and steals information from the compromised device.

The SLocker family is one of the oldest mobile lock screen and file-encrypting ransomware and used to impersonate law enforcement agencies to convince victims to pay their ransom.

SLocker is also known as:

A malware strain known as Loapi will damage phones if users don’t remove it from their devices. Left to its own means, this modular threat will download a Monero cryptocurrency miner that will overheat and overwork the phone’s components, which will make the battery bulge, deform the phone’s cover, or even worse. Discovered by Kaspersky Labs, researchers say Loapi appears to have evolved from Podec, a malware strain spotted in 2015.

Late last year, we encountered an SMS Trojan called Trojan-SMS.AndroidOS.Podec which used a very powerful legitimate system to protect itself against analysis and detection. After we removed the protection, we saw a small SMS Trojan with most of its malicious payload still in development. Before long, though, we intercepted a fully-fledged version of Trojan-SMS.AndroidOS.Podec in early 2015. The updated version proved to be remarkable: it can send messages to premium-rate numbers employing tools that bypass the Advice of Charge system (which notifies users about the price of a service and requires authorization before making the payment). It can also subscribe users to premium-rate services while bypassing CAPTCHA. This is the first time Kaspersky Lab has encountered this kind of capability in any Android-Trojan.

Chamois is one of the largest PHA families in Android to date and is distributed through multiple channels. While much of the backdoor version of this family was cleaned up in 2016, a new variant emerged in 2017. To avoid detection, this version employs a number of techniques, such as implementing custom code obfuscation, preventing user notifications, and not appearing in the device’s app list. Chamois apps, which in many cases come preloaded with the system image, try to trick users into clicking ads by displaying deceptive graphics to commit WAP or SMS fraud.

IcicleGum is a spyware PHA family whose apps rely on versions of the Igexin ads SDK that offer dynamic code-loading support. IcicleGum apps use this library’s code-loading features to fetch encrypted DEX files over HTTP from command-and-control servers. The files are then decrypted and loaded via class reflection to read and send phone call logs and other data to remote locations.

BreadSMS is a large SMS-fraud PHA family that we started tracking at the beginning of 2017. These apps compose and send text messages to premium numbers without the user’s consent. In some cases, BreadSMS apps also implement subscription-based SMS fraud and silently enroll users in services provided by their mobile carriers. These apps are linked to a group of command-and-control servers whose IP addresses change frequently and that are used to provide the apps with premium SMS numbers and message text.

JamSkunk is a toll-fraud PHA family composed of apps that subscribe users to services without their consent. These apps disable Wi-Fi to force traffic to go through users' mobile data connection and then contact command-and-control servers to dynamically fetch code that tries to bypass the network’s WAP service subscription verification steps. This type of PHA monetizes their abuse via WAP billing, a payment method that works through mobile data connections and allows users to easily sign up and pay for new services using their existing account (i.e., services are billed directly by the carrier, and not the service provider; the user does not need a new account or a different form of payment). Once authentication is bypassed, JamSkunk apps enroll the device in services that the user may not notice until they receive and read their next bill.

Expensive Wall is a family of SMS-fraud apps that affected a large number of devices in 2017. Expensive Wall apps use code obfuscation to slow down analysis and evade detection, and rely on the JS2Java bridge to allow JavaScript code loaded inside a Webview to call Java methods the way Java apps directly do. Upon launch, Expensive Wall apps connect to command-and-control servers to fetch a domain name. This domain is then contacted via a Webview instance that loads a webpage and executes JavaScript code that calls Java methods to compose and send premium SMS messages or click ads without users' knowledge.

BambaPurple is a two-stage toll-fraud PHA family that tries to trick users into installing it by disguising itself as a popular app. After install, the app disables Wi-Fi to force the device to use its 3G connection, then redirects to subscription pages without the user’s knowledge, clicks subscription buttons using downloaded JavaScript, and intercepts incoming subscription SMS messages to prevent the user from unsubscribing. In a second stage, BambaPurple installs a backdoor app that requests device admin privileges and drops a .dex file. This executable checks to make sure it is not being debugged, downloads even more apps without user consent, and displays ads.

KoreFrog is a family of trojan apps that request permission to install packages and push other apps onto the device as system apps without the user’s authorization. System apps can be disabled by the user, but cannot be easily uninstalled. KoreFrog apps operate as daemons running in the background that try to impersonate Google and other system apps by using misleading names and icons to avoid detection. The KoreFrog PHA family has also been observed to serve ads, in addition to apps.

Gaiaphish is a large family of trojan apps that target authentication tokens stored on the device to abuse the user’s privileges for various purposes. These apps use base64-encoded URL strings to avoid detection of the command-and-control servers they rely on to download APK files. These files contain phishing apps that try to steal GAIA authentication tokens that grant the user permissions to access Google services, such as Google Play, Google+, and YouTube. With these tokens, Gaiaphish apps are able to generate spam and automatically post content (for instance, fake app ratings and comments on Google Play app pages)

RedDrop can perform a vast array of malicious actions, including recording nearby audio and uploading the data to cloud-storage accounts on Dropbox and Google Drive.

HenBox apps masquerade as others such as VPN apps, and Android system apps; some apps carry legitimate versions of other apps which they drop and install as a decoy technique. While some of legitimate apps HenBox uses as decoys can be found on Google Play, HenBox apps themselves are found only on third-party (non-Google Play) app stores. HenBox apps appear to primarily target the Uyghurs – a Turkic ethnic group living mainly in the Xinjiang Uyghur Autonomous Region in North West China. HenBox has ties to infrastructure used in targeted attacks, with a focus on politics in South East Asia. These attackers have used additional malware families in previous activity dating to at least 2015 that include PlugX, Zupdax, 9002, and Poison Ivy. HexBox apps target devices made by Chinese consumer electronics manufacture, Xiaomi and those running MIUI, Xiaomi’s operating system based on Google Android. Furthermore, the malicious apps register their intent to process certain events broadcast on compromised devices in order to execute malicious code. This is common practice for many Android apps, however, HenBox sets itself up to trigger based on alerts from Xiaomi smart-home IoT devices, and once activated, proceeds in stealing information from a myriad of sources, including many mainstream chat, communication and social media apps. The stolen information includes personal and device information.

Zeus is a trojan horse that is primarily delivered via drive-by-downloads, malvertising, exploit kits and malspam campaigns. It uses man-in-the-browser keystroke logging and form grabbing to steal information from victims. Source was leaked in 2011.

Zeus is also known as:

Delivered primarily by exploit kits as well as malspam campaigns utilizing macro based Microsoft Office documents as attachments. Vawtrak/Neverquest is a modularized banking trojan designed to steal credentials through harvesting, keylogging, Man-In-The-Browser, etc.

Vawtrak is also known as: