5 types of Android malware that may still be infecting your phone

At least 107.7 million people in the U.S. own Android smartphones

Malware targeting Android devices continues to create problems for users. As of March 2016, an estimated 1.3 to 1.4 billion people owned Android devices across the globe, and 352 million purchased them during the last quarter of 2016.

In 2016, SophosLabs processed more than 8.5 million suspicious Android applications, and more than 50 percent were a form of malicious software or adware.

As the popularity of the Google-developed operating system rises, hackers churn out new ways to steal personal or financial data, falsify ad revenue and spy on users.

Here are five types of malware you need to watch out for:

CopyCat

CopyCat disguises itself as a popular app found in third-party stores. Once it infiltrates a device, it gathers data, roots the smartphone and disconnects its security system. It can gain control of Zygote - Android's app launcher - which allows it to record each app a victim opens or downloads.

The malware can send revenue earned from applications' pop-up ads to hackers instead of app developers. Check Point Security estimates that up to 4.9 million fake apps were installed on infected devices, producing up to 100 million ads. In 60 days, CopyCat pulled in more than $1.5 million and sent it to third-party criminals.

Cybersecurity experts linked the attack to MobiSummer, a Chinese tech startup and app developer. It remains unclear if the company was directly involved or a victim itself.

Devices with operating system Android 5.0 or older are still vulnerable to CopyCat, which was most active in April and May 2016. Though all affected apps have been removed from the Play Store, Google believes up to 50,000 devices could still be infected.

SpyDealer

SpyDealer can steal data from more than 40 popular mobile device apps, including Skype, Facebook, WhatsApp and the Firefox browser. According to Palo Alto Networks, the malicious software can spy on victims' call histories, contacts, Wi-Fi information and locations by exploiting the operating system's accessibility feature.

SpyDealer can answer and record phone calls, audio clips and video footage. It can also take screenshots or photos using the device's front and rear camera.

At least three versions of SpyDealer are currently active, with the oldest sample dating back to October 2015. It's unclear how the malicious software made its way onto devices, but evidence suggests that users in China became "infected through compromised wireless networks."

A full list of the infected apps can be viewed here.

GhostCtrl

GhostCtrl, a form of malware that can secretly film and record user activity, can hide behind the names of popular apps like WhatsApp and Pokemon Go.

There are three versions of GhostCtrl - one restricts a device's functions and collects its data, a second version behaves like ransomware and can freeze a victim's smartphone, and a third carries out a combination of the first two strains.

Once installed, GhostCtrl can root a device, control its vibrate function, delete and rename files, download photos, use the text-to-speech feature, send text messages to specific phone numbers, delete text messages, make phone calls, record video and audio, delete browser history, open apps without permission, and spy on a user's call history, contacts, phone numbers, location, battery status, Bluetooth data and more.

Marcher

Marcher poses as an Adobe Flash Player update and can obtain login credentials from at least 40 different retail, social media and banking apps.

The deceptive software appeared earlier this year as a fraudulent version of "Super Mario Run" for Android devices.

The malware can produce fake login pages for popular third-party apps like TD Bank, Google, Yahoo, Chase Bank, PayPal, Citibank, Walmart, Amazon, Western Union, Facebook and more. The targets are programmed into its payload, but can be later modified by hackers.

A full list of infected apps can be seen here.

Dvmap

Dvmap has been downloaded more than 50,000 times from the Google Play Store since March. It can inject code into a device's system library and eliminate root-detection software that identifies malevolent programs.

Dvmap was hidden inside puzzle game "Colourblock," which has been removed from Google's digital marketplace. To bypass security, creators uploaded a "clean" app and updated it with a malicious version for a brief period of time - often less than 24 hours.

Dvmap can be found under the name "Trojan.AndroidOS.Dvmap.a."

Here's how to eliminate malware from Android devices.
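The CopyCat section names two conditions a device owner or fleet admin can check for: an operating system of Android 5.0 or older, and apps that came from somewhere other than Google Play. The following is an added example, not part of the original article; it parses the text returned by `adb shell getprop ro.build.version.release` and `adb shell pm list packages -3 -i`, using constructed sample output with hypothetical package names, and treats any 5.0.x release as "5.0" (an assumption).

```python
import re

PLAY_STORE = "com.android.vending"  # installer package name of Google Play
LINE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<src>\S+)$")

def parse_release(release):
    """Turn a release string such as '5.0.2' into (5, 0); missing minor -> 0."""
    parts = [int(p) for p in re.findall(r"\d+", release)[:2]]
    if not parts:
        raise ValueError("no version number in %r" % release)
    return tuple(parts + [0] * (2 - len(parts)))

def os_at_risk(release):
    """True when the release is Android 5.0 or older (the article's threshold)."""
    return parse_release(release) <= (5, 0)

def non_play_apps(pm_output):
    """Return (package, installer) pairs for apps not installed by Google Play.

    'installer=null' normally means the APK was sideloaded. An app that
    arrived through Google Play, as the article says Dvmap did, is not
    listed here, so an empty result is not a clean bill of health.
    """
    found = []
    for line in pm_output.splitlines():
        m = LINE.match(line.strip())
        if m and m["src"] != PLAY_STORE:
            found.append((m["pkg"], m["src"]))
    return found

def triage(release, pm_output):
    return {"old_os": os_at_risk(release), "non_play_apps": non_play_apps(pm_output)}

# Constructed sample output; package names other than com.whatsapp are made up.
SAMPLE_RELEASE = "5.0.2"
SAMPLE_PM = """\
package:com.whatsapp  installer=com.android.vending
package:com.example.flashupdate  installer=null
package:org.example.puzzle  installer=com.example.otherstore
"""

if __name__ == "__main__":
    report = triage(SAMPLE_RELEASE, SAMPLE_PM)
    print("Android 5.0 or older:", report["old_os"])
    for pkg, src in report["non_play_apps"]:
        print("review:", pkg, "installed by", src)
```
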
