Android Malware
What is Android Malware?
Android Malware: Malicious software that targets the Android operating system, typically distributed through sideloaded APKs, dropper apps on Google Play, or compromised third-party stores.
Android malware ranges from advertising fraud and SMS premium-rate trojans to banking trojans, spyware, and remote-access tools. Well-documented families include Joker (premium-SMS fraud, repeatedly found on Google Play), Anubis and Cerberus (banking trojans abusing accessibility services to overlay phishing screens and steal SMS-based OTPs), BRATA (banking RAT that can factory-reset the device), and SharkBot (banking trojan using an Automatic Transfer System, ATS, to initiate fraudulent transfers). Operators commonly trick users into granting the Accessibility Service or sideloading from a phishing site. Defences include sticking to Google Play and Play Protect, restricting Accessibility access, keeping the OS patched, and using EMM/MDM with attestation on enterprise devices.
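An added example (not part of the original glossary entry) of auditing a device for the two conditions named above: an app installed from outside the trusted store and an app holding an enabled Accessibility Service. It parses the output of two standard adb commands; the allowlists, package names and sample outputs are constructed assumptions.

```python
import re

# Assumption: installers this fleet trusts; adjust to local policy.
TRUSTED_INSTALLERS = {"com.android.vending"}
# Assumption: accessibility services the organisation has approved.
APPROVED_A11Y = {"com.google.android.marvin.talkback"}

# Constructed sample of `adb shell settings get secure enabled_accessibility_services`
A11Y_SAMPLE = ("com.google.android.marvin.talkback/"
               "com.google.android.marvin.talkback.TalkBackService:"
               "com.example.flashplayer.update/.CoreService")
# Constructed sample of `adb shell pm list packages -3 -i` (third-party apps only)
PKG_SAMPLE = """package:com.example.notes  installer=com.android.vending
package:com.example.flashplayer.update  installer=null
package:com.example.fdroidapp  installer=org.fdroid.fdroid
"""

def parse_a11y(raw):
    """Packages owning an enabled accessibility service ("null" means none)."""
    raw = raw.strip()
    if not raw or raw == "null":
        return set()
    # Entries are colon-separated package/class components.
    return {c.split("/", 1)[0] for c in raw.split(":") if c}

def parse_installers(raw):
    """Map package -> installer package (None when no installer is recorded)."""
    out = {}
    for line in raw.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            out[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return out

def triage(a11y_raw, installers_raw):
    """Return {package: [reasons]} for packages that need a closer look."""
    a11y = parse_a11y(a11y_raw)
    installers = parse_installers(installers_raw)
    findings = {}
    for pkg in sorted(a11y | set(installers)):
        reasons = []
        # Installer is only known for packages in the third-party listing.
        if pkg in installers and installers[pkg] not in TRUSTED_INSTALLERS:
            reasons.append("untrusted-installer")
        if pkg in a11y and pkg not in APPROVED_A11Y:
            reasons.append("unapproved-accessibility")
        if reasons:
            findings[pkg] = reasons
    return findings

if __name__ == "__main__":
    for pkg, reasons in triage(A11Y_SAMPLE, PKG_SAMPLE).items():
        print(pkg, ", ".join(reasons))
```

A package that carries both reasons matches the pattern the definition describes and should be reviewed first.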
● Examples
- 01 Joker subscribes the victim to premium services after passing Google Play review through staged payloads.
- 02 BRATA wipes the device with a factory reset once the attacker has finished the fraudulent transaction.
● Frequently asked questions
What is Android Malware?
Malicious software that targets the Android operating system, typically distributed through sideloaded APKs, dropper apps on Google Play, or compromised third-party stores. It belongs to the Mobile Security category of cybersecurity.
How does Android Malware work?
Android malware ranges from advertising fraud and SMS premium-rate trojans to banking trojans, spyware, and remote-access tools. Well-documented families include Joker (premium-SMS fraud, repeatedly found on Google Play), Anubis and Cerberus (banking trojans abusing accessibility services to overlay phishing screens and steal SMS-based OTPs), BRATA (banking RAT that can factory-reset the device), and SharkBot (banking trojan using an Automatic Transfer System, ATS, to initiate fraudulent transfers). Operators commonly trick users into granting the Accessibility Service or sideloading from a phishing site. Defences include sticking to Google Play and Play Protect, restricting Accessibility access, keeping the OS patched, and using EMM/MDM with attestation on enterprise devices.
How do you defend against Android Malware?
Defences for Android Malware typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Android Malware?
Common alternative names include: Android trojan, Malicious Android app.
● Related terms
- Mobile Malware (malware, № 699)
Malicious software that targets smartphones and tablets to steal data, intercept communications, mine cryptocurrency, or perform financial fraud.
- Banking Trojan (malware, № 084)
Malware designed to steal online-banking credentials and authorize fraudulent transactions, typically through web injects, form grabbing, or overlays.
- iOS Malware (mobile-security, № 550)
Malicious software targeting Apple iPhones and iPads, including supply-chain attacks on app developers, mercenary spyware, and threats specific to jailbroken devices.
- Rooting (Android) (mobile-security, № 948)
Gaining unrestricted superuser (root) privileges on an Android device, bypassing the protections enforced by the Linux kernel, SELinux, and the Android verified boot chain.
- Mobile App Store Attack (mobile-security, № 695)
An attack that abuses a mobile app distribution channel — Google Play, Apple App Store, OEM stores, or third-party markets — to deliver malicious or repackaged applications to victims.
- Remote Access Trojan (RAT) (malware, № 917)
Malware that gives an attacker covert, interactive control of an infected device, similar to a hidden remote-administration tool.