Android.Siggen
Android.Siggen is a Dr.Web-classified Android trojan family whose functionality varies across samples. In Dr.Web’s Q4 2025 mobile threat review, Android.Siggen-family trojans were listed among the most common Android threats, with detections decreasing by 27.47% on protected devices during the period. The provided content does not attribute this family to a specific threat actor, infection vector, or industry targeting, and does not provide family-specific indicators of compromise beyond the family name itself.
Hunt this family in your stack
Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
Recent activity
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A trojan family with varying functionality (details not specified in the content).
Android malware family label used by Dr.Web for multiple variants with differing functionality; rose in prevalence in Q4 2025.
The version that knows your environment.
Match every observed IP, domain, and hash against your live telemetry.
Named campaigns wielding this family, with evidence pinned to each claim.
CVEs this family uses for access and lateral movement.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Every documented technique, ranked by evidence weight.
Reddit, Mastodon, and CTI community discussion around this family.