Main menu

Pages

Beware of the latest Android malware on Google Play

Image for article titled Beware of the Latest Android Malware on Google Play

PhotoShutterstockShutterstock

Android users take note: A new piece of malware is popping up in the Google Play Store and it’s coming for your data.

This new malware, also known as “Facestealer”, can steal personal information on your phone, hack your social media passwords by forcing fake logins and blow up your device with invasive ads.

security researchers at Doctor Web Anti-Virus discovered first face tester on the lurk in 10 Android apps in July 2021, but the latest batch of dark downloads contains 200 malicious apps, almost all of which were available on the Google Play Store and other third-party marketplaces for several weeks before being removed.

while the problem apps came from a range of categories, the most common were:

  • Fake VPN services
  • Camera and photo editing apps
  • and – unsurprisingly – cryptocurrency-related apps.

The fake crypto apps were even seeded with additional malware that could potentially steal a user’s wallet keys.

All 200 apps are removed from Google Play and other download sources. However, many of these apps managed to rack up thousands of downloads in the few weeks they were available. Of course, users did not knowingly download malware, such as apps often appear legitimate on the surface, and even include all advertised features, or Rest in peace from the look and design of other apps to be more like the real thing.

These apps can even trick Google. While Google Play has built-in anti-malware protection and scans all apps uploaded to the service, malicious app developers have come up with sophisticated ways to hide their unauthorized intentions† So while Google’s scans make everything clear, the code hides simple commands that install a hidden malware payload or silently download it from a remote server in the background. †This is how other infamous Android malware like Joker and ok work too

WWhile Google may eventually discover these tricks, they are often reactive measures rather than proactive, meaning new methods of infection can pop up at any time and take weeks to resolve.† This is a major flaw in Google and Android’s security measures, and it is not something that can be solved overnight.

However, avoiding Android malware is not impossible; you just need to watch what you download so you can proactively spot problematic apps.

How to avoid Android malware

We’ve covered many of the telltale signs of a malicious app before, including (but not limited to) if an app:

  • Requests excessive and unrelated app permissions. For example, a VPN does not need access to your camera.
  • Requires installation of “additional software” or attempts to sideload additional apps.
  • Spams you with ads.
  • Suddenly asking for payment info to keep using free features (especially if those features are freely available from other apps or already built into your device).
  • Is an obvious rip off of other popular apps.
  • Is only available in sketchy or unknown third-party stores.

Obviously, not every bogus app will trigger red flags – that’s part of why they’re so common – so always check the reviews first. and i mean real read the reviews. Don’t just check the app’s star rating or check out the top rated feedback. If you notice some 1 star reviews that mention shady behavior or poor quality or the only reviews are 5 star reviews without much information then it’s probably fake.

And if you’re ever in doubt, just don’t download it. And if you to do download something later turns out to be fishy or downright scam, uninstall it, leave a review to warn others, and report the app to Google.

[thehackernews]

#Beware #latest #Android #malware #Google #Play

Comments