Cybersecurity researchers at Zscaler ThreatLabz detected another batch of Android malware that was openly available on the Google Play store and downloaded by hundreds of thousands of users before it was removed. This batch includes dozens of apps hiding three main strains of malware: Joker, Facestealer, and Coper.
Even though it sounds like a gallery of Batman rogues, these are three dangerous malware strains that perform multi-pronged attacks and can compromise personal data, steal login information, trick you into unwanted financial transactions, and even give hackers full control of infected devices.
What can Joker, Facestealer, and Coper do?
Like most Android malware, the offending apps were Trojans, programs that look harmless but actually contain malware. Some of the apps in the Zscaler report used sophisticated tactics to bypass Google Play’s malware checks, while others downloaded malware after the app was installed. Some of them can even bypass the antivirus software on the device using these methods.
Of the three types of malware, the majority of infections come from Joker, which appeared in 50 apps with a total of over 300,000 downloads. Unsurprisingly, Joker performed the vast majority of attacks; it is a common malware strain that is typically used for Wireless Application Protocol (WAP) fraud, in which victims are subscribed to unsolicited subscription services through their mobile carrier. These attacks do not require direct access to your bank or credit card information and instead rely on the infected device's mobile data to subscribe to services through your phone bill.
Most of the Joker apps in this batch of malware were messaging and communication apps that access your phone's text messaging and mobile data features in order to purchase premium subscriptions, then intercept and remove any confirmation texts from the services they subscribe you to. Checking app permissions is a common way to detect dangerous software, but a communications app asking for permissions related to SMS and mobile data doesn't seem out of place, so affected users may not know they're paying for unwanted services unless they vigilantly review every item on their monthly phone bill.
Joker apps will also use the personal data they use for WAP scams for other attacks, such as hacking into your social media and bank accounts, but the real identity thief in the group is Facestealer.
Many legitimate apps require a Facebook, Twitter, Google, or Apple ID, but Facestealer apps use fake social media login screens that steal your login information. Fake login screens are usually loaded directly into the app and look like the real thing, so they’re easy to miss. Hackers can then use your login information to hijack your account, spread malware to your friends via messages, or worse, siphon personal information that could help them steal your identity. Zscaler found Facestealer in only one app, Vanilla Snap Camera, which only had 5,000 downloads, but there are almost certainly other Facestealer trojans masquerading as real apps on Google Play.
The last malware, Coper, also targets your personal details and login information. It can read your text entries from your keyboard, tries to trick you with fake login screens, and even accesses and reads your texts. All of this stolen data is then quietly passed on to the creators of the app to run smishing, phishing, and even SIM-swapping attacks. Coper is dangerous, but luckily only associated with one app, Unicc QR Scanner, which has had around 1,000 downloads. However, the danger here is that the malware was not actually hidden in the application code, but was loaded via a fake app update. This is a common tactic that hackers use to completely bypass Google Play's malware scans, since they can simply add the malware later.
How to stay safe
You can find a complete list of the malicious applications and how they carried out their attacks in the Zscaler report. The good news is that all offending apps have been removed from Google Play and disabled on devices that downloaded them from the Play Store.
However, it's only a matter of time before another round of Android malware is found. You must always protect yourself from possible threats.
We’ve covered the best ways to protect Android devices, social media accounts, and other personal data from all kinds of scams, hacks and leaks. But when it comes to Android apps, the best way to be safe is to only install apps from reputable and trusted publishers, and only download them from trusted sources like the Google Play Store, APK Mirror, or XDA Developers.
If you choose to download an app from an unknown publisher, be sure to read reviews and research the app online first. However, if the app doesn't offer features that you simply can't get in the main publisher's app, there's no reason to download alternative text messaging, camera, or QR code scanning apps, especially if your phone can do it all with the built-in features it comes with.