Emerging Threats

Sneaky Android adware variant tricks users into thinking a different app is malware

Authored by a Symantec employee


A new, sneaky variant of Android.Mobilespy has been discovered. This malware steals information, and displays advertisements, however it executes it in a different way than most malware. It tries to make it look as though another application is responsible for its behavior. Once the malware Android.Mobilespy is installed, it then attempts to install an app called AnonyServices, which claims to assure the user’s anonymity online, but it actually allows the threat to display advertisements. In an effort to hide its suspicious activity from the user, the malware lies in wait for several days before it begins displaying the advertisements on top of the majority of launched programs. Therefore, the possibility of detecting the source of infection on a compromised device by the user is really low. By doing so, this could make the user think that the current app that is running is responsible for the ads being displayed.

How To Stay Protected:

  • It is strongly recommend that Android devices owners only download applications from reliable sources such as the Google Play Store.
  • Users should pay attention to the applications that request the use of the Accessibility Service. Once the malicious application gets these privileges, it can interact with the graphic interface and can even operate as a keylogger by intercepting the information entered by the victim. As a result, the program will be able to steal data such as text messages, and even passwords.
  • Norton Mobile Security provides protection against this Trojan. You can download it from the Google Play Store here.

Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the LockMan Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome and Android are trademarks of Google, LLC. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced and/or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other company names and product names are registered trademarks or trademarks of each company.