Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

Top 10 Malware Families for Android Mobile Devices

Rank  Malware Name            Percentage
1.    Android.Lotoor.A        22%
2.    Android.Lightdd.A       15%
3.    Android.FakePlayer.A    11%
4.    Android.Basebridge.A    10%
5.    Android.Lotoor.B        8%
6.    Android.DroidKungFu.A   8%
7.    Android.Bgserv.A        7%
8.    Android.Erahsooc.A      7%
9.    Android.Geimini.A       7%
10.   Android.GoldDream.B     5%

This report has been generated based upon automated feedback collected from Thirtyseven4 and its partners.

Android.Lotoor.A (22%) is a Trojan that attempts to exploit vulnerabilities in the Android operating system to gain root privileges.

Android.Lightdd.A (15%) is a Trojan that has been created to steal information from Android devices, such as the IMEI number, IMSI number, etc. It communicates the stolen data to a designated remote server.

Android.FakePlayer.A (11%) is a Trojan that masquerades as a “media player application”. If installed, it attempts to send SMS messages to premium rate numbers.

Android.Basebridge.A (10%) is a Trojan that, once installed, will execute malicious services in the background while sending information such as SMS content, phone calls, etc. to designated servers as well as to premium rate numbers.

Android.Lotoor.B (8%) is a variant of Android.Lotoor.A that also attempts to exploit vulnerabilities in the Android operating system to gain root privileges and send the collected information to a remote server. In addition, it creates a backdoor root shell (stored in the system partition) in an attempt to survive software upgrades.

Android.DroidKungFu.A (8%) is part of a botnet that utilizes known root exploits to steal information such as OS type, SDK version, IMEI number, IMSI number, etc. and communicates this data to a remote server. It will also download and install an additional malicious application.

Android.Bgserv.A (7%) has been designed to transfer information from a compromised device to a remote location. It collects its information in logs and utilizes the HTTP POST method for posting data. It steals sensitive information.

Android.Erahsooc.A (7%) has been created to steal information from Android devices and sends SMS messages to premium rate numbers. It also sends information such as SMS content, phone calls, OS type, SDK version, IMEI number, IMSI number, location information, etc. to a configured remote server.

Android.Geimini.A (7%) is part of an Android botnet that arrives on a mobile device by bundling itself with popular and legitimate Android applications. It does so to gain root privileges. It transfers the information from the device to a remote location and uses the HTTP POST method for posting data. For example, it can communicate back a device's geographic location and has the ability to control the device remotely.

Android.GoldDream.B (5%) creates logs of incoming SMS messages and outgoing messages and calls, and uploads them to a certain web site. It arrives on a device by exploiting the popularity of seemingly legitimate game applications, re-packaging these applications with its malicious code. It sends information such as SMS content, phone calls, OS type, SDK version, IMEI number, IMSI number, location information, etc. to a remote server.

 

“Delight yourself in the Lord and he will give you the desires of your heart.” Psalm 37:4