Your browser is obsolete!

The page may not load correctly.

Android territory

Туманность Андроида

Other issues in this category (22)
  • add to favourites
    Add to Bookmarks

A million two million is not the maximum!

Read: 7224 Comments: 2 Rating: 9

Tuesday, November 28, 2017

Over a million users downloaded a fake WhatsApp application from a "protected" and "secure" software catalogue.

Human gullibility appears to be incurable. But for today’s issue, we’d like to go with a change of tone—from educational to historical.

The author first encountered the astonishing credulity of users when he began collecting facts about malware for mobile devices for a presentation he was going to be giving.


Ever since then, the “malware download championship” has repeatedly yielded new records.

April 29, 2016

Doctor Web security researchers found 190 applications on Google Play that were infected with Android.Click.95; this Trojan program scared users with fake warning and error messages and made them install advertising programs on their mobile devices.

The overall number of downloads of this Trojan exceeded 140,000.

November 10, 2016

Over one million Android device owners have already downloaded the Android.MulDrop.924 Trojan.

July 28, 2016

Doctor Web security researchers discovered that at least seven application developers incorporated Android.Spy.305.origin into their applications on Google Play. The software development companies include MaxMitek Inc, Fatty Studio, Gig Mobile, TrueApp Lab, Sigourney Studio, Doril Radio.FM, Finch Peach Mobile Apps and Mothrr Mobile Apps.

#drweb #drweb #drweb

Applications containing the Trojan code include "live wallpapers", image collections, utilities, photo editors, online audio stream players, etc. Thus far, Doctor Web's security researchers have discovered 155 such applications; they have been downloaded more than 2,800,000 times.

March 31, 2016

Doctor Web security researchers have identified more than 100 applications featuring Android.Spy.277.origin; downloads of these programs have exceeded 3,200,000

Funnily enough, back in April 2016 we stated that "Google Play is the most reliable source of software for Android. However, every now and then various malicious programs are discovered on this portal too". Today "every now and then" doesn't sound particularly optimistic.

Mobile device owners are confident that they can distinguish legitimate applications from malware. Here is a test.


One of these applications is legitimate and the other one is fake. Can you tell which of the figures shows the real WhatsApp? Don't cheat by looking for the answer at the end of this issue. That would be bad karma!

In the above-mentioned example, the attackers have even managed to fake the developer's ID by inserting two bytes (0xC2 0xA0, no break space) at the end of the WhatsApp company name. Well, it would be good to omit the extra spaces at the beginning and at the end. But, alas, that doesn't happen.


So far, the download record has reached one million per application. But 2017 is not the end of time, and Android users are as confident as ever that they can always expose a malicious application. So we're waiting for new records!

#Android #mobile #software_catalogue #malware

The Anti-virus Times recommends

Sadly, users aren't as attentive as they’d like to be. Therefore:

  1. Install version 12 of Dr.Web Security Space for Android;
  2. Configure Parental Control;
  3. In the In the tab, tick Play Market — this will ensure that the members of your household won't be installing any apps from this catalogue.


P. S. The figure on the left shows a bogus application.

P. P. S. While this issue was being prepared, the bar was raised again on the record—it more than doubled!

Doctor Web specialists detected Android.RemoteCode.106.origin in 9 programs, which on average have been downloaded by at least 2,370,000 users and up to more than 11,700,000 users.

Alas, new records are just around the corner. The software analysis routines on Google's application catalogue do not guarantee that programs are malware-free, and only the anti-virus installed on user devices protects against Trojans.


Tell us what you think

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.