Published: September 04, 2022 on our newsletter Security Fraud News & Alerts Newsletter.
Google's Play Store was recently alerted by Zscaler's ThreatLabz, who discovered 36 malware-infected Android apps hiding in plain sight on the store. Although Google immediately removed the malicious apps as expected, downloads had already totaled more than 300,000. It's likely that many Android users have no idea these apps were infected, and that a good number are still using one or more of them.
ThreatLabz also found that the 36 infected apps belong to one of three malware families, known as Joker, Coper, and Facestealer. The malicious activities of these families include stealing personal data and login information, financial theft, SMS theft, and social media account takeovers. Coper malware is known to give hackers full remote control of an infected device.
Avoid Downloading Infected Apps
Most users wonder how to tell whether an app is infected before downloading it. Although nothing is guaranteed, the following tips can lower your odds of downloading one (or more) infected apps.
Activate Google's "Play Protect" on your device. This option runs safety checks on the store's apps before users download them.
Read app reviews before installing an app. User reviews can reveal problems like malicious behavior and other odd activity, all good reasons not to install it.
Stick with apps from well-known and trusted developers. Fly-by-night developers are risky and are more likely to have nefarious intent.
Pay close attention to permission requests while downloading an app. Decline risky-sounding permission requests and make sure the requests make sense for the app to function.
Keep tabs on your device by monitoring network data and battery use. Unusual consumption can alert you to potentially harmful background activity on your device.
And in case you want to know a bit more about how these malware families work, here is a quick overview:
The Joker Malware Family. This malware manipulates advanced permissions on a target device. It also steals SMS (text) messages, device information, and contact lists, and can sign victims up for premium wireless services, running up bigger phone bills. Zscaler's ThreatLabz found 50 apps infected with Joker on Google Play had over 300,000 downloads.
The Facestealer Malware Family. This malware targets Facebook users to steal their accounts by using bogus overlay login screens. Targets are prompted to log in to Facebook, where the overlay login page steals their login data and hijacks authorization tokens. Zscaler's ThreatLabz found one of several infected utility apps was installed nearly 5,000 times on Google Play.
The Coper Malware Family. This malware family is known for its banking trojans. The malware takes control of a device by communicating with a remote server under the hacker's control. Coper malware can also attack victims with keylogging, bogus login page overlays, sending and stealing texts, and locking or unlocking a device screen at will.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org