Android Armor is a potentially unwanted application (PUA),a type of malware that is usually unwanted on your system, but doesn’t necessarilycause any issues. Potentially unwanted applications usually monitor user behaviorand use it to pick pop-up ads. Pop-ups could possibly affect device performance butwill definitely affect user experience . Like most potentially unwanted applications,Android Armor is available for download by third party application platforms orwebsites. When installed, it is called when browser is opened and begins running inthe background under the guise of a program designed to improve user experienceand functionality. Unfortunately, Android Armor is only attempting to advertiseunwanted products and services 29.BadNews: The way in which this malware works is by pretending to be an adand later spreading malware to the device running Android OS after the infectedapp is installed. Its actions then range from sending fake news messages, sendingthe device’s phone number to a command and control (C&C) server to promptinguser to install other malicious apps. BadNews is also known to disguise itself as appupdates to other popular apps. One concerning fact is that BadNews was rootedfrom the Google Play store. Since the discovery and blog post made by LookoutMobile Security, the Google Play store has taken down the affected BadNews app.However, an estimated 2 to 9 million users downloaded this app from the store 30.Xsser: Xsser is a mobile Remote Access Tool (RAT). It is spreading throughman-in- the-middle and phishing attacks, according to Akama’s Prolexic SecurityEngineering and Research Team (PLXsert). The researchers believe that this mal-ware is being used by an organized group which is targeting owners of specific de-vices and software vendors with the goal of stealing credentials, hijacking browsingsessions and executing code at the infected devices. Attacks have focused on soft-ware vendors, software-as-a-service (SaaS) providers and Internet service providers.They also serve other malware via phishing or by impersonating legitimate web-sites. Phishing is used to trick users into downloading applications being hosted onthird-party repositories. The malware was originally made to infect the Android OS,but later versions of this malware affect jailbroken iOS devices. Surveillance, steal-ing of login credentials, distributed denial of service (DDoS) attacks are maliciousactivities casued by infecting devices with Xsser 31.CoinKrypt: CoinKrypt is a simple malware. Comprised of just three smallprogram sections embedded in the target app. It will use the maximum computationpower of your device to generate virtual currencies. It will result in the infecteddevice getting overheated and will affect the battery life. Normal mining softwareis set up to throttle the rate at which coins are mined to protect the hardware itis running on. This malware includes no protection and will result in the infecteddevice getting overheated and drained battery life. The malware appears to betargeting only newer virtual currencies such as Litecoin, Dogecoin, Casinocoin 32.NotCompatible: NotCompatible operates like a drive-by download threat. It canbe downloaded by visiting compromised websites, and then proceeds to downloadinga package, update.apk. For the installation to begin, the user needs to click on it.Once installed, the malware may also communicate with certain C servers 33.