Android malware alerts: Stay up to date with the latest threats to your phone

Official app stores are undoubtedly the best place to download software for your phone, especially when considering security. For Android phone owners, that place is typically the Google Play Store, but malicious apps occasionally manage to slip through despite rigorous precautions.
Identifying unsafe apps can be challenging as malicious developers employ cunning tactics to deceive users before and after downloads. To assist you, we've compiled the latest reports on flagged malicious apps from the Google Play Store, presented in chronological order, starting with the most recent.
Remember, even if an app is removed from the Google Play Store, it might still exist on your phone if previously downloaded. Moreover, many of these apps reappear on the Play Store under slightly different names. Some belong to the FakeApp family, attempting to trick users into making purchases or investments. Others are from the Joker family, aiming to enroll users in paid subscriptions.
Fake Telegram Premium clone app
A new Android malware called FireScam is spreading via fake Telegram Premium apps hosted on phishing websites imitating Russia’s RuStore, a government-supported app marketplace. The malware first installs a dropper module that hides its malicious intent, then deploys the main Telegram Premium.apk, which steals login credentials, SMS messages, clipboard data, and financial information. FireScam uses Firebase to communicate with attackers, track user activity, and even receive commands for more malware downloads.
Five apps carrying the Mandrake spyware discovered by Kaspersky (July 29, 2024)
Kaspersky has discovered that the Android spyware Mandrake, first spotted in 2020, has resurfaced with enhanced capabilities. This new version bypassed Google Play's security checks, allowing it to infect over 32,000 devices through five seemingly harmless apps. These apps, masquerading as file-sharing tools, crypto platforms, and productivity aids, stole data, recorded screens, and installed additional malware.
Here are the names of the infected apps:
- AirFS - 30,305 installs
- Amber - 19 installs
- Astro Explorer - 718 installs
- Brain Matrix - 259 installs
- CryptoPulsing - 790 installs
To avoid detection, Mandrake employed advanced obfuscation techniques, making it difficult for security software to identify. The malware targeted specific devices based on collected data and then escalated its malicious activities, including stealing credentials and downloading further harmful apps. Despite its insidious nature, none of the infected apps were flagged as malicious until recently.
Google has acknowledged the issue and is working to improve Play Protect's capabilities. That said, it is highly advisable that users delete any of the mentioned apps from their device immediately. Keep your device's operating system and security software up-to-date to protect against similar threats.
Reports on dangerous Android apps
Trojan malware Brokewell disguised as a Google Chrome update (April 25, 2024)
Dutch security firm ThreatFabric has discovered a fake Google Chrome update that passes itself off as legitimate but installs the "Brokewell" trojan malware.
Once installed, this malware collects personal data, grants remote control of the device to attackers, and can spy on users. Additionally, "Brokewell" can access banking apps, posing a significant threat to victims by potentially wiping out their accounts.
The "Brokewell" trojan employs a deceptive Chrome browser update to dupe smartphone users into installing it, utilizing the "overlay" technique to capture login information for targeted applications like banking apps. Through "accessibility logging," the malware records various user interactions, sending this data to a command-and-control server, thereby compromising personal information. With stolen credentials, attackers can remotely control the victim's phone, making all downloaded apps vulnerable to exploitation.
NCC Group discovers upgraded Android banking malware Vultur (March 28, 2024)
The Android banking malware Vultur, first identified in 2021, has evolved with new capabilities, granting it greater control over infected devices, according to security company NCC Group. This upgraded version utilizes Android's Accessibility Services to bypass the Google Play Store, enhancing its remote control functionalities.
Vultur's distribution relies on social engineering tactics, tricking victims via SMS messages into installing it. These messages create urgency by falsely claiming unauthorized transactions, leading victims to download an app disguised as McAfee Security, which is actually the Brunhilda dropper.
Once installed, Vultur enables cybercriminals to perform various malicious activities, including manipulating device functions and stealing credentials, primarily targeting banking apps. Despite its sophistication, Google Play Protect offers automatic protection against known versions of Vultur, emphasizing the need for continued vigilance against such threats.
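Both Brokewell (via "accessibility logging") and the upgraded Vultur abuse Android's Accessibility Services, so an enabled accessibility service that nobody on a device recognises is a useful triage signal. The following POSIX shell script is an added example, not code from the original article or from ThreatFabric or NCC Group: it reads the `enabled_accessibility_services` secure setting (via `adb shell settings get secure ...`, a real command) and prints every enabled service that is not on an allowlist. The allowlist entry and the `com.example.fakeupdate` service are constructed sample values, not indicators from any report.

```shell
#!/bin/sh
# Added example: list accessibility services enabled on an Android device that are
# not on a known-good allowlist. Brokewell and Vultur both rely on an accessibility
# service the victim was tricked into enabling, so an unexpected entry here is worth
# a closer look. Package/class names below are constructed sample values.

# Hypothetical allowlist for this fleet: colon-separated "package/class" entries.
ALLOWLIST="com.android.talkback/com.google.android.marvin.talkback.TalkBackService"

# Constructed sample of what the secure setting returns when a second, unknown
# service is enabled alongside TalkBack.
SAMPLE="com.android.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.fakeupdate/com.example.fakeupdate.AccService"

# flag_unknown_services RAW ALLOWLIST
#   RAW is the colon-separated value of the enabled_accessibility_services setting
#   ("null" or empty when nothing is enabled). Prints "UNEXPECTED <service>" for each
#   entry not present in ALLOWLIST; prints nothing when everything is allowlisted.
flag_unknown_services() {
    raw="$1"
    allow="$2"
    # Nothing enabled: the setting is unset ("null") or empty.
    [ -z "$raw" ] || [ "$raw" = "null" ] && return 0
    printf '%s\n' "$raw" | tr ':' '\n' | while IFS= read -r svc; do
        [ -n "$svc" ] || continue
        # Wrap both sides in ':' so a partial package name cannot match an allowlist entry.
        case ":$allow:" in
            *":$svc:"*) ;;                              # allowlisted, stay quiet
            *) printf 'UNEXPECTED %s\n' "$svc" ;;       # not on the list: flag it
        esac
    done
}

# check_device: query a connected device over adb and run the same check.
check_device() {
    raw=$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')
    flag_unknown_services "$raw" "$ALLOWLIST"
}

# Stand-alone use: check a connected device if adb is present, else run on the sample.
if command -v adb >/dev/null 2>&1; then
    check_device
else
    flag_unknown_services "$SAMPLE" "$ALLOWLIST"
fi
```

Usage note: maintain the allowlist from devices you trust (screen readers, enterprise MDM agents), treat every `UNEXPECTED` line as something to identify rather than as proof of compromise, and pair this with Play Protect and an up-to-date OS, since a malicious service can only do its work after it has been granted accessibility access.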