More brutal malware-laden Android apps are lurking on the Play Store
Dozens of apps found to be carrying three malware families
More malicious mobile apps have been found and removed from the Google Play Store following urgent warnings from security experts.
Cybersecurity researchers from ThreatLabz recently reported spotting three different malware families, hiding in a multitude of apps that between them have had more than 300,000 downloads.
The families are called Joker, Facestealer, and Coper. Joker is quite an advanced piece of mobile malware, capable of stealing sensitive information from the compromised endpoints, grabbing SMS messages, call lists, and contacts from the devices, as well as subscribing the victims to premium wireless application protocol (WAP) services.
Camera and QR code apps
Joker, which was found in at least 50 applications, usually hides in communication apps, with these apps usually requesting permissions to access the contacts list, to make phone calls and send/receive SMS messages, avoiding any possible suspicion.
Facestealer, as the name would suggest, does not steal faces, but rather identities: Facebook accounts. It does so by placing a fake login form on top of a login form of a legitimate app.
This malware was found in one app, called “Vanilla Snap Camera”, which has had some 5,000 downloads.
Last but not least, Coper is an infostealer that reads the victims’ SMS text messages, is capable of sending malicious SMS messages to people in the contacts list, logs keys and taps, and sends the harvested sensitive data back to the attackers’ command & control servers. This one was found in an app called “Unicc QR Scanner” which has had some 1,000 downloads.
Unicc QR Scanner itself does not carry the malware, the researchers further found, but once the victim downloads it, the app will trigger an “update”, during which the malicious payload gets dropped on the endpoint.
The usual advice for keeping mobile devices safe is to only download from legitimate sources, but given that threat actors are getting better at smuggling malware into the Play Store, this security measure will no longer suffice.
Mobile users should also pay attention to the app reviews and ratings, as these are often a good indicator, especially for apps with thousands of downloads (those with fewer downloads could have their reviews rigged by bots). Finally, they should be skeptical of any permissions an app asks for, as these are also a good indicator of whether the app has ulterior motives.
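The permission check described above can be automated when reviewing an app before it is allowed on managed devices. The following is an added example, not code from ThreatLabz or from the article: it assumes the manifest has already been decoded to text XML (for instance with apktool), and the category baselines, the `REQUEST_INSTALL_PACKAGES` mapping for the "update" behaviour, and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Permissions matching behaviours the article attributes to Joker and Coper.
SENSITIVE = {
    P + "READ_SMS": "read SMS messages",
    P + "RECEIVE_SMS": "intercept incoming SMS",
    P + "SEND_SMS": "send SMS messages",
    P + "READ_CONTACTS": "read the contacts list",
    P + "READ_CALL_LOG": "read the call list",
    P + "CALL_PHONE": "place phone calls",
    # Assumption: a post-install "update" that drops a payload needs this.
    P + "REQUEST_INSTALL_PACKAGES": "install other packages",
}

# Assumed baselines (illustrative, not an official list) per app category.
EXPECTED = {
    "qr_scanner": {P + "CAMERA", P + "INTERNET"},
    "messaging": {P + "INTERNET", P + "READ_CONTACTS", P + "READ_SMS",
                  P + "RECEIVE_SMS", P + "SEND_SMS", P + "CALL_PHONE"},
}

def unexpected_permissions(manifest_xml, category):
    """Return sensitive permissions requested beyond the category baseline."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    extra = requested - EXPECTED[category] - {None}
    return sorted((p, SENSITIVE[p]) for p in extra if p in SENSITIVE)

def make_manifest(package, perms):
    """Build a constructed, decoded-text AndroidManifest.xml for the demo."""
    uses = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}</manifest>')

# Constructed samples, not taken from any real app.
QR_MANIFEST = make_manifest("com.example.qrscan", [
    "CAMERA", "INTERNET", "READ_SMS", "SEND_SMS", "REQUEST_INSTALL_PACKAGES"])
CHAT_MANIFEST = make_manifest("com.example.chat", [
    "INTERNET", "READ_CONTACTS", "READ_SMS", "RECEIVE_SMS", "SEND_SMS", "CALL_PHONE"])

if __name__ == "__main__":
    for perm, why in unexpected_permissions(QR_MANIFEST, "qr_scanner"):
        print(f"qr_scanner requests {perm} ({why})")
    # Same SMS permissions, but expected for a messaging app: no findings.
    print("messaging findings:", unexpected_permissions(CHAT_MANIFEST, "messaging"))
```

The QR scanner sample is flagged while the messaging sample is not, which is why malware hidden in communication apps has to be caught by other signals such as reviews, publisher history and runtime behaviour.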
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.