Android’s hide and seek with malicious apps continues

  • TECH
  • Wednesday, 17 Jan 2018

Among 2,000 Android users surveyed in France, Germany, Italy and Spain, around 28% download additional search apps, 29% download at least one new app store, and 23% download at least one alternative web browser to the apps that come pre-installed, the alliance said.

The open and flexible nature of Android OS makes it more vulnerable to security issues, than perhaps other operating systems such as iOS. The ever-evolving nature of malware also makes detecting malicious apps harder. 

According to antivirus company Quick Heal, malware attacks on Android devices increased by 40% in Q3 2017 and apps from third-party stores continue to be the top source of malicious apps. That doesn't mean every app on the Play Store is harmless. A number of malicious apps were detected on the Play Store. Here are the latest malware attacks users need to be aware of. 

Malware that apes original apps 

An Android malware called Flash Player is targeting banking and cryptocurrency apps. So far 232 banking and cryptocurrency apps are reportedly affected by it, according to antivirus company Quick Heal. This puts users who randomly download apps from third-party app stores at greater risk than users who stick to the Play Store. The malware infiltrates a smartphone by asking users to download a flash player app. Once installed it asks for accessibility rights which it uses to imitate notifications of these banking apps and asks users for their user ID and password. 

The best way of steering clear of such malwares is to never download apps from third-party stores. Also, one should be more careful before giving accessibility rights to any app. Users who are already affected should change the passwords of their banking apps and factory reset their smartphone. 

New kind of malware 

Google scans the Play Store regularly through Play Protect security tool, yet malicious apps manage to sneak through. What makes them hard to identify is the new languages and methods used by hackers to write them. Antivirus company Trend Micro found a new type of malware written using Kotlin, a fully-supported programming language for Android which is believed to be more secure and is used by a number of genuine Android apps. The malware was passed on through a utility app which has been downloaded from Google Play Store by around 5,000 users before it was taken down by Google. 

Once the malware is installed, it uses the mobile connection to subscribe for a premium SMS subscription service without users' knowledge. The remote server uses the subscription to send URLs to other devices and generate clicks. This malware doesn't target any of the confidential data, but can cause monetary loss to users through the SMS subscription service. Users should read the details of new apps and only download apps from trusted developers. 

Fake anti-virus apps 

Another malware called AdultSwine was detected in over 60 apps and games on Play Store by researchers at Check Point security, who believe these apps have been downloaded on more than 7 million Android devices. 

Once installed on a device, the app starts showing pornographic advertisements. Clicking on them displays messages on mobile browser warning users their smartphone has been infected and then suggests some fake antivirus apps to flush out the malware. Once the antivirus app is installed, the hacker has access to the phone's accessibility rights as most antivirus apps require that to work. 

The 60 infected apps have already been removed from the Play Store by Google. 

Malware that can damage smartphones 

Most malware attacks target users for confidential data. Loapi is a rare malware which targets a smartphone to mine a cryptocurrency called Monero. Researchers at Kaspersky Lab found the malware hiding in 20 apps on third-party stores. Once installed on a smartphone, Loapi uses its resources to solve a cryptographic challenge and earn rewards in the form of a cryptocurrency. Kaspersky claims the malware can open 28,000 URLs on a smartphone in a day. 

This can cause serious damage to the phone's internals such as battery and motherboards. To avoid this kind of malware and protect their smartphone, users should keep away from third-party app stores. — Tribune News Service

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3

What do you think of this article?

It is insightful
Not in my interest

Across The Star Online

Life Inspired has a chic new look

2020 is all about change, and Life Inspired did just that with a fresh makeover!

This month, we speak to 3 female icons about empowerment and more - read it for FREE this week.