Android Malware Timeline 2021

Anish · January 18, 2021

Popular Android malware seen in 2021. I have uploaded APK files for all the entries that I could to my GitHub repository.

January:

  • New Android spyware targets users in Pakistan
  • Going Rogue- a Mastermind behind Android Malware Returns with a New RAT
  • Imitation is the sincerest form of fraudery
  • Oscorp, the "usual" malware for Android


Notable Blogs:

  • Android Security
  • How to use Ghidra to Reverse Engineer Mobile Application
  • Gaining access to arbitrary* Content Providers
  • Mobile Audit
  • Mitigating Abuse of Android Application Permissions and Special App Accesses
  • Investigation Xoth: Smartphone location tracking
  • Android Penetration Testing: Frida


February:

  • An apparently benign app distribution scheme which has all it takes to turn (very) ugly
  • Barcode Scanner app on Google Play infects 10 million users with one update
  • Domestic Kitten – An Inside Look at the Iranian Surveillance Operations
  • Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows
  • Lookout Discovers Novel Confucius APT Android Spyware Linked To India-Pakistan Conflict


Notable Blogs:

  • Reverse engineering Flutter for Android
  • Data Driven Security Hardening in Android
  • Insecure Data Storage: Clear Text Storage of Sensitive Information
  • Hunting for bugs in Telegram's animated stickers remote attack surface
  • Analyzing Clubhouse for fun and profit
  • How to intercept traffic from Android apps with Objection and Burp
  • Reverse Engineering Clubhouse
  • Using Frida to find hooks in Android applications


March:

  • Flubot
  • Clast82 – A new Dropper on Google Play Dropping the AlienBot Banker and MRAT
  • The Brief Glory of Cabassous/FluBot — a private Android banking botnet
  • How fleeceware apps have earned over $400 million on Android and iOS
  • New Advanced Android Malware Posing as “System Update”


Notable Blogs:

  • APKLeaks
  • Police shut down Android app that turned smartphones into proxies
  • Android reverse engineering for beginners - Dexcalibur
  • Android reverse engineering for beginners - Frida
  • TapJacking Attacks, a thorough guide
  • TikTok vs Douyin
  • Use Android as Rubber Ducky against targeted Android device or PC
  • Android/Flubot: preparing for a new campaign?


April:

  • Pre-installed auto installer threat found on Android mobile devices in Germany
  • Malware found on the AppGallery app store for the first time
  • New Wormable Android Malware Spreads by Creating Auto-Replies to Messages in WhatsApp
  • Trojan detected in APKPure Android app store client software
  • BRATA Keeps Sneaking into Google Play, Now Targeting USA and Spain
  • Clever Billing Fraud Applications on Google Play: Etinu


Notable Blogs:

  • How to use basic ADB commands to control Android apps
  • How to setup Android as Rubber Ducky without NetHunter - part 2
  • TapJacking Attacks, a thorough guide LAST PART
  • How to analyze mobile malware: a Cabassous/FluBot Case study


May:

  • A native packer for Android/MoqHao
  • How Flubot targets Android phone users and their money
  • Fake Android and iOS apps disguise as trading and cryptocurrency apps
  • No Joking Around with JOKER
  • Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware
  • Android apps targeting JIO users in India
  • FluBot’s Authors Employ Creative and Sophisticated Techniques to Achieve Their Goals in Version 5.0 and Beyond


Notable Blogs:

  • Android stalkerware threatens victims further and exposes snoopers themselves
  • New mobile malware family now also targets Belgian financial apps
  • TeaBot: a new Android malware emerged in Italy, targets banks in Europe
  • Exploiting Activity in medium android app
  • The Rage of Android Banking Trojans
  • Decrypting Mobile App Traffic using AES Killer and Frida


June:

  • Threat Actors Use Mockups of Popular Apps to Spread Teabot and Flubot Malware on Android
  • Teabot : Android Banking Trojan Targets Banks in Europe
  • Android FluBot enters Switzerland
  • GOOGLE PLAY STORE APPLICATIONS LACED WITH JOKER MALWARE YET AGAIN
  • DroidMorph: Are We Ready to Stop the Attack of Android Malware Clones?


Notable Blogs:

  • OnePlus - Elevated package privileges
  • Lifting The Grey Curtain: A First Look at the Ecosystem of CULPRITWARE
  • Happer: Unpacking Android Apps via a Hardware-Assisted Approach
  • Why dynamic code loading could be dangerous for your apps: a Google example
  • Solving CTF with Frida - Part 1
  • Bug Bounty on Android : setup your Genymotion environment for APK analysis
  • NFC smartphones enabled researchers to hack point of sale systems and ATMs
  • How to setup Ninjutsu Android Penetration Testing Environment


July:

  • Android trojans steal Facebook users’ logins and passwords
  • PJobRAT – Spyware in Guise
  • Lookout Unearths Android Crypto Mining Scams
  • Some URL shortener services distribute Android malware, including banking or SMS trojans
  • Joker Joking in Google Play
  • StrongPity APT Group Deploys Android Malware for the First Time
  • Vultur, with a V for VNC
  • Backdoor malware
  • Oscorp evolves into UBEL: an advanced Android malware spreading across the globe


Notable Blogs:

  • Genymotion+Xposed+Inspeckage
  • Damn Vulnerable Bank
  • Investigating Android malware with Pithus
  • Creating a powerful Android app context protector
  • Forensic Methodology Report: How to catch NSO Group’s Pegasus
  • Securing Wireless Devices in Public Settings


August:

  • Bahamut Threat Group Targeting Users Through Phishing Campaign
  • Triada Trojan in WhatsApp mod


Notable Blogs:

  • Solving CTF with Frida - Part 5
  • AST - Android Security Teryaagh
  • The Application Sandbox
  • Reversing ActionSpy Android Malware
  • Common mistakes when using permissions in Android
  • Bahraini Government Hacks Activists with NSO Group Zero-Click iPhone Exploits
  • Solving CTF with Frida - Part 6


September:

  • GriftHorse Android Trojan Steals Millions from Over 10 Million Victims Globally
  • PixStealer: a new wave of Android banking Trojans abusing Accessibility Services
  • Ermac
  • Mobile Malware: TangleBot Untangled
  • Joker Unleashes Itself Again on Google Play Store
  • SOVA - Banking trojan
  • S.O.V.A. - A new Android Banking trojan with fowl intentions
  • Phishing Android Malware Targets Taxpayers in India


Notable Blogs:

  • Flubot - Another deep dive
  • Anubis - A deep dive
  • Pre-installed malware - Found in Russian phones


October:

  • FluBot - infecting via text messages
  • Targeted surveillance - human rights activist
  • Photo editor malware - steals Facebook credentials
  • Crypto wallet stealer - sends details via Telegram
  • Facebook credentials stealer - masquerades as Photo Editor
  • Ultima SMS - Premium SMS scam
  • Spyware targets Israel
  • Rooting malware
  • Countering threats from Iran


Notable Blogs:

  • Telegram bug
  • How Android malware steals recovery phrase from Trust Wallet without user interaction
  • Android security checklist webview
  • Ultimate guide to SSL pinning bypass
  • Minecraft - most malware infected game on the market
  • Android Exploits 101


November:

  • Droppers on Google Play Store
  • ScarCruft surveilling North Korean defectors and human rights activists
  • Doctor Web discovered vulnerabilities in children’s smart watches
  • Android APT spyware, targeting Middle East victims, enhances evasiveness
  • New trojan detected on AppGallery app catalog
  • BrazKing Android banker
  • SharkBot: a new generation of Android Trojans is targeting banks in Europe
  • PhoneSpy spyware targets South Korean citizens
  • Targeted SMS attacks on Indian Banking users


Notable Blogs:

  • IT threat evolution in Q3 2021. Mobile statistics
  • North Korean hackers posed as Samsung recruiters to target security researchers
  • OnePlus Nord 2 has a vulnerability that grants root shell access within minutes on a locked bootloader, without a data wipe
  • Reverse engineering & modifying Android apps with JADX & Frida
  • What can a cyber criminal learn about you using your mobile number?
  • Android Security Workshop
  • Write Frida Hook For Android
  • Mobile Malware Mimicking Framework
  • A Deep Dive into Privacy Dashboard of Top Android Vendors
  • Re-route Your Intent for Privilege Escalation: A Universal Way to Exploit Android PendingIntents in High-profile and System Apps
  • Threat intelligence report - 2021
  • Threat Report
  • Mobile app hardening
  • Android security checklist: WebView
  • Frida Hook for Android


December:

  • Smishing Botnets Going Viral in Iran


