Published: July 19, 2021 on our newsletter Security Fraud News & Alerts Newsletter.
Most of us have our own personal pocket computer these days in the form of a smartphone or tablet. However, sometimes what we want to download to those, like what we put on our laptops or desktops, should be very carefully scrutinized in advance. Case in point—researchers at Dr. Web have found that at least nine apps that can be found in the Google Play Store harbor malicious code. Unfortunately, they have already been downloaded more than 5.8 million times by unsuspecting users.
A little reminder is in order. Before downloading anything to your smart device, laptop, desktop, or whatever devices you have, take a moment to research what the application is and what it supposed to do. Then read reviews to make sure it really does that. Keep in mind that if a product is new in any app store, consider holding off on getting it. That gives other users time to figure out the bugs for you. If there aren’t many reviews, it’s another flag to be patient. Often, you will find out that it really is not what you wanted or is filled with malware or adware; and we all could probably do well with seeing fewer ads in our lives.
So, what are these apps and what exactly makes them malicious? First, know that they steal Facebook credentials. By asking users to put in their Facebook login information to avoid seeing all the ads and get access to all the features of the apps, the malware actually captures logins and passwords. No one really wants that, so if you have any of the apps on the following list, delete them immediately. In addition, change your Facebook credentials and even consider doing that first. Make that password strong and enable multi-factor authentication on it. Facebook offers several ways of doing this, so just pick one.
The troublesome apps are:
Processing Photo—Downloaded more than 500,000 times
App Lock Keep—Downloaded more than 50,000 times
App Lock Manager—Downloaded at least 10 times
Lockit Master—Downloaded at least 5,000 times
Rubbish Cleaner—Downloaded more than100,000 times
Horoscope Daily—Downloaded at least 100,000 times
Horoscope Pi—Downloaded more than 1,000 times
Inwell Fitness—Downloaded more than 100,000 times
PIP Photo—Downloaded more than 5,000,000 times
All of these are fully functional, which makes it difficult for users to detect anything nefarious is going on in the background, but no doubt something is.
Some of the apps were deleted by Google, but some were not. And some that were previously deleted showed up again in another form. So always do your homework and you can avoid having frustrations like these.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org