Smartphone malware

FlyTrap is a trojan infection designed to steal Facebook accounts and use them for future abuse. An authoritative security company named Zimperium researched this malware and confirmed its activity across 100+ countries with at least 10,000 users affected by it. According to reports, many have been affected by FlyTrap via a malicious application that promotes coupons, discounts, and other similar content. Clicking on such content can lead to a fake verification window demanding login credentials for a Facebook account. After successfully retrieving the inserted data and accessing the targetted Facebook account, FlyTrap becomes able to inject malicious JavaScript code in order to collect sensitive information (e.g., IP-addresses, geolocations, e-mail addresses, internet cookies, tokens, etc.). The stolen accounts may thereafter be abused for scamming friends or spreading malware via malicious links or attachments. Thus, FlyTrap is a dangerous infection that may lead to massive security problems and compromise users' identities. Follow our guide below to get rid of the virus from your Android smartphone. After doing so, it is important to change passwords and notify your friends/contacts about the committed hacking.

S.O.V.A. is a banking trojan virus designed to extract finance-related information from Android devices. Specifically, it was spotted to do so on devices ranging from 7 to 11 Android versions. While being distributed under the disguise of ostensibly legitimate software, the sneaky trojan demands users to grant a number of device permissions. If such permissions are eventually given, the trojan will become capable of reading the device's screen and simulating fake log-in windows to bait users into entering their credentials. As mentioned, the main target of S.O.V.A. is banking information, which means it is likely the trojan will try to collect information from banking applications, cryptocurrency wallets, and other places related to finance. Due to the keylogging abilities, the trojan can record all the typed keystrokes and abuse them for stealing accounts or performing unauthorized money transactions. In addition, it was also observed that S.O.V.A. has access to managing SMS messages and displaying various pop-ups. Allowing such malware to operate for too long may indeed lead to severe privacy issues and potential loss of finance. On top of that, the S.O.V.A. banking trojan is still considered under development and is expected to acquire more features (performing DDoS attacks, operating as screen-locking ransomware, impeding 2FAs (Two-Factor Authentications), and so forth) in future updates. Thus, if you suspect your Android is under the affection of this or similar infection, follow our guidelines below to remove it and ensure further protection against such threats.

Cleaner Update is a browser-based scam that targets Android users. Many people have observed it on various deceptive websites that lure users into downloading, installing, or even buying unwanted software. Pages promoting this scam it is necessary to perform the required actions to continue watching online content in "safe mode". One version of the scam displayed a pop-up message saying "Please download the free Cleaner app from the Google Play to continue watching in safe mode". Cleaner Update may not be entitled to this message only - in theory, it can also write other text pop-ups depending on users' geolocation and browser activity. If you allow a download of software from such kind of website, it will most likely result in unwanted or even malicious infection. As a result, this can lead to unauthorized changes in system/browser settings, slower smartphone performance, increased number of ads, and other dubious modifications. Note that even some software available on legitimate platforms like Google Play can be malicious and carry trojans or other kinds of malware. If you become a victim of the Cleaner Update scam, we, therefore, advise you to follow our guidelines below and make sure your smartphone is safe. Also, if you know what program got installed via this scam, this knowledge will come in handy while performing the steps.

Also known as Exo Android Bot, Exobot is a dangerous and highly-disruptive piece of malicious software designed to infiltrate Android devices. Exobot is similar to functions carried out by many banking trojans. In essence, it settles within a system and performs a number of phishing actions aimed at extracting valuable information from users (e.g. bank card credentials; passwords, log-ins, and even identity information). It does so by accessing Accessibility Services and manipulating an infected device through WiFi or Mobile networks. Alternatively, if there is no internet connection available, Exobot, is also capable of performing device control through SMS messages, which expands its abuse potential. In order to trick users into entering their credentials, cybercriminals may create simulated layers of popular apps (Google Play; WhatsApp, Viber, etc.) that pop on the screen and hardly differ from authentic ones. Smartphone trojans are usually granted extensive permissions giving full freedom to threat actors on what they can do. This includes forced device locking, blocked access to certain applications, screen capture, SMS management, microphone, and camera manipulation along with other compromising features as well. Exobot is especially known for the botnet feature allowing developers to link a number of infected devices and control them together from the same server to execute malicious steps. In conclusion, malware like Exobot is very devastating as it may lead you to deal with serious privacy issues, financial risks, downgraded device performance, or even identity theft. Thus, we recommend you follow our guidelines below and get rid of this virus as soon as you are able to.

Teabot is a trojan infection that seeks extraction of banking-related data. Based on publicly-available reports, it is known that TeaBot has been targeting more than sixty banks across Europe. Upon getting installed onto a smartphone, it demands users to allow certain Accessibility Features by sending a number of pop-up windows. Once the requested permissions are given, developers behind Teabot will become able to control the infected device using Remote Access Tool (RAT). This will allow cybercriminals to deploy any malicious commands they want (e.g. replicate log-in credentials, take screenshots, manage contacts and send messages, disable security layers, record audio, etc.). As mentioned, the main target of this trojan comes down to financial information meaning cybercriminals might be more interested in stealing data from crypto wallets, banking or insurance apps, and so forth. To conclude, the presence of Teabot may and will be extremely dangerous for all kinds of sensitive data unless it is removed from your device. We recommend you do it as soon as possible using our guidelines below. Step-by-step instructions will help you delete it without traces.

BianLian is the name of a banking trojan designed to exfiltrate mainly finance-related information. After successful installation, it bombards the device's screen with pop-up windows that request users to allow various Accessibility Features. Once the demanded permissions are granted, the trojan acquires an almost limitless range of malicious features. For instance, it might display fake interactable windows on top of various banking applications. This way, cybercriminals attempt to trick users into entering their log-in credentials and steal them eventually. BianLian was also discovered able to run USSD codes and perform calls; prevent users from using a device by force-locking the screen; enable screen recording, manage SMS text messages, and also create an SSH server for protecting its communication channels. Such modules used by the trojan are obviously dangerous and might lead users to significant financial losses, identity thefts, and other problems that no one would desire. Thus, it is important to remove the trojan infection and restore safety on your Android device. You should also change all your log-in credentials and even block your card at the bank to prevent financial abuse.

Bahamut is a malicious program that targets Android devices and is classified as spyware. Malware of such is designed to spy on users' sensitive data and misuse it for future financial benefits. Upon successful installation, the virus acts as a regular application and requests users to provide a number of "mandatory" permissions. This can include permission for accessing camera, reading messages and managing phone contacts, recording audio, accessing phone memory, and other suspicious permits that should not be given to doubtful software. The main goal of Bahamut is normally set on extracting potentially valuable information from popular messaging apps such as WhatsApp, Facebook Messenger, Telegram, Viber, ProtectedText, Imo, Secapp, and Signal as well. Cybercriminals do this by sending collected information to their remote Command & Control server. The same is used for deploying various commands to control the infected device as well. Having Bahamut installed on your system will by far lead to many security and privacy risks. This is why such software must be removed as soon as you see it. Do it using our guide below and also learn how its installation occurred.

Recently discovered by cybersecurity researchers at MalwareHunterTeam and Cyble, Hydra has developed a new banking trojan variant designed to infect Android devices. It mimics itself under the Play Store app called Document Manager, with over 10,000 downloads in total. Users who download this app and allow certain permissions required by it will experience substantial security threats. The trojan was specifically reported targeting the second-biggest German bank, named Commerzbank. It requests more than 20 permissions, which, in case allowed, will let threat actors to do whatever they want with your smartphone - e.g. monitor passwords entered in apps, alter various settings, manage phone calls and SMS messages, lock and unlock the infected device, disable antivirus activity, record camera footage and deploy tons of other malicious tasks aimed at stealing finance-related credentials. It is also possible that other collected data like phone or social media contacts may also be abused for tricking people into downloading fake software that executes infections. The most popular symptoms of trojans running within a smartphone system are lags, moments of freezing, overheating, random opening of websites or apps, and other signs of weird behavior that were not present before. Trojans like Hydra are extremely dangerous, and it is important to stop their malicious action by performing the full-blown deletion. It may be hard to do on your own without relevant knowledge, so we prepared a thorough guide to help you succeed in removing Hydra Banking Trojan from your Android device.