Malware Threats,Hoaxes and Taxonomy on Android

Ahmet Göker
3 min readDec 23, 2021


Hey cybersecurity developers,

Today I am going to be writing a concept which seems really interesting thus let’s get started.

In August 2010, the first Android Trojans, FakePlayer and DroidSMS, were discovered in the wild, From that moment on, an explosion occured in the android malware space. Mostly trojans, Android malware covers a comprehensive range of known malware activities including but not limited to stolen PII data, dialed premium phone numbers, botnets, scareware and ransomware, recorded phone calls,photos,backdoor, and root privileges which seems really hard to detect in order to prevent such attacks as being a malware analyst :) you must check phone simultaneously and not downloading free software.there are a lot of malware types but I am not going to cover at all.


One of the first discovered Android malware, FakePlayer, ws a Trojan horse that attempted to send premium rate SMS messages without the user’s consent to a hardcoded phone number.It spread under the mask of a movie player app that was manually installed. The player did not work very wel but sending SMS messaged worked brilliantly.The payload of SMS messages only occurs the first time the app runs. A SQLlite database called movieplayer.db.


Another one of the first discovered Android malware, DroidSMS is a classic SMS fraud app that sends messages to premium rate phone numbers.


Existing primarily in Russia, FakeInst masquerades as highly popular apps such as Skype and Instagram. It sends SMS messages to premium rate numbers. It was one of the first Android malware to be widely discovered in the wild. It was also one of the first families to have several variants such as JiFake, RuWapFraud, Opfake, and DepositMobi.

— — — — — — — — — — — — — — — — — — — — — — — — — — — — —

we are living in 2021 but that does not mean we are %100 being protected by malware threats.It actually means that the IT war has been started thus take your control and defeat threat actors:)

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — -


GamblerSMS was viewed as spyware and the official name would show as SMS SPY. It was capable of monitoring every incoming and outgoing SMS message, and recording every outgoing phone call. The user was allowed to choose another phone number to receive the SMS messages and an e-mail address to send the recorded phone calls. The author kept a copy of all recorded phone calls.


Nickyspy was a Trojan that collected system-specific data from the device. The device’s IMEI was sent the data via SMS message to the number 15859268161. It also requested permission to do the following: access cell-ID and WIFI location and updates, GPS location, and WIFI network details; low-level access to power management, readonly access to phone sta


This malware sent SMS messages to all contacts on the device. It was a repackaged version of a game called Dog Wars. Its service name, 22 Android Malware and Analysis which started on every restart of the device, was com.dogbite.Rabies. Upon installation, the following permissions were requested: open network sockets, make the phone vibrate, read-only access to phone state, read user’s contacts data, receive broadcast messages sent after the system finishes booting, and send SMS messages

I was willing to explain everything about these awesome Trojans, but if I were to do that, the tension was then not being surprised, this series will be written constantly do not worry thus everyone!!!.,

stay tuned!!!

Ahmet Göker | malware researcher | CTF player | network security | purple teamer





Ahmet Göker

🦀 Reverse-Engineering 🦀Binary-Exploitation 🦀 Hardware programming 🦀Computer scientist