SEP Mobile malware types
search cancel

SEP Mobile malware types


Article ID: 270767


Updated On:


Endpoint Protection Mobile


When a malware detection occurs in SEP Mobile, the Incident for the detection in the MC provides a classification for the type of malware which was detected (i.e. Trojan, Adware, Riskware, etc...).  This will be presented in a bubble in the Incident details, and mousing over this bubble presents more information on the malware classification, as shown here: 

This document will provide a consolidated list of all the malware types and their descriptions.  


Malware Type Details
accessibility_clickjack Apps that implement Accessibility Clickjacking techniques to gain control of the device
data_leak Apps that leak private data from the device
hidden_app Apps that hide their icon from the device launcher
wire_lurker Apps that are affected by the WireLurker malware
xcode_ghost Apps that are affected by the XcodeGhost malware
yispecter Apps that are affected by the Yispecter malware
ace_deceiver Apps that are affected by the AceDeceiver malware
trojan Apps that disguise themselves as legitimate but allow malicious third-parties hidden access to the device
riskware Apps that are not necessarily malicious but do contain system security critical functions
potentially_unwanted Apps that are installed with the user's consent but might perform activities unexpected or undesired by the user
potentially_unsafe Apps that are not necessarily malicious but contain functionality that can be misused by an attacker
adware Apps that trigger advertising content on the device throughout the user's usage in sophisticated ways
ransomware Apps that prevent access to files on the device by encrypting them and then ask users for ransom in order to decrypt them
hack_tool Apps that may be used by hackers to attack mobile devices and networks
hacktool Apps that may be used by hackers to attack mobile devices and networks
monitor Apps that are not necessarily malicious but monitor and record the user's actions on the device
exploit Apps that leverage a particular security vulnerability that exists in software running on the device to hack it
spyware Apps that spy on the device without the user's knowledge and collect different types of data
stagefright_detector Apps that determine whether an Android device is vulnerable to Stagefright
eicar A standard anti-malware test file developed and provided by the European Institute for Computer Antivirus Research (EICAR)
application_linux_sniffer Apps that monitor the network traffic of the device and may be used by a network attack tool
hosts_file  Apps that redirect a particular IP address to a different host in the device hosts file
root_hiding Apps that attempt to hide the fact that the device is rooted
repackaged Apps that disguise themselves as other popular apps but include malicious code
packed Apps that leverage the Code Packing technique to hide their code through one or more layers of compression and encryption.