{"id":20878,"date":"2022-07-21T04:11:40","date_gmt":"2022-07-21T04:11:40","guid":{"rendered":"https:\/\/harchi90.com\/even-more-android-malware-was-discovered-on-google-play\/"},"modified":"2022-07-21T04:11:40","modified_gmt":"2022-07-21T04:11:40","slug":"even-more-android-malware-was-discovered-on-google-play","status":"publish","type":"post","link":"https:\/\/harchi90.com\/even-more-android-malware-was-discovered-on-google-play\/","title":{"rendered":"Even More Android Malware Was Discovered on Google Play"},"content":{"rendered":"

photo: to the tock (Shutterstock)<\/figcaption><\/p>\n<\/div>\n

<\/figure>\n

Cybersecurity researchers at Zscaler ThreatLabz discovered<\/span> yet another batch of Android malware that was openly available on the Google Play Store and downloaded by hundreds of thousands of users before it was removed. This group includes dozens of apps that hid three major malware strains: Joker, Facestealer, and Coper.<\/p>\n

Despite sounding like Batman’s rogues gallery, these are three dangerous malware strains that execute multifaceted attacks and can compromise personal data, steal login information, scam you into unwanted financial transactions, and even grant hackers full remote control of infected devices.<\/p>\n

What can Joker, Facestealer, and Coper do?<\/h2>\n

Like most Android malware, the offending apps were trojans\u2014software that looks harmless, but secretly contains malware. Some of the apps in Zscaler’s report used sophisticated tactics to bypass Google Play’s anti-malware inspection, while others side-loaded the malware after the app was installed. Some could even slip past on-device anti-malware using these techniques.<\/p>\n

Of the three types of malware, Joker accounted for the majority of infections, appearing in 50 apps with over 300,000 combined downloads. It’s not surprising Joker made up the overwhelming majority of attacks; it is a prolific malware<\/span> that’s commonly used<\/span> for wireless application protocol (WAP) scams<\/span> in which victims are signed up for unwanted subscription services through their mobile carrier. These attacks do not need direct access to your bank or credit card information, and instead rely on the infected device’s mobile data to subscribe to services via your phone bill.<\/p>\n

Most of the Joker apps in this batch of malware were messaging and communication apps that access your phone’s texting and mobile data features to buy premium subscriptions, then intercept and delete any confirmation texts from the services they sign you up for. Reviewing an app’s permissions<\/span> is a common way to spot dangerous software, but a communication app asking for SMS and mobile data-related permissions wouldn’t seem out of place, so affected users may have no idea they’re paying for unwanted services unless they vigilantly review every item on their monthly phone bill.<\/p>\n


Joker apps will also use the personal data they use for WAP scams for other attacks, like breaking into your social media and banking accounts, but the real<\/em> identity thief in the bunch is Facestealer.<\/p>\n

Plenty of legitimate apps require a Facebook, Twitter, Google, or Apple ID, but Facestealer apps use fake social media login screens that steal your login information<\/span>. The spoofed login screens usually load directly in the app and look like the real thing, so they’re easy to overlook. Hackers can then use your login information to hijack your account to spread more malware to your friends through messages, or, worse, siphon personal information that can help them steal your identity. Zscaler found Facestealer in just one app, the Vanilla Snap Camera, which only had 5,000 downloads, but it’s almost certain there are other Facestealer trojans masquerading as real apps on Google Play.<\/p>\n

The last malware, Coper, also targets your personal data and login information. It can read your keyboard text entries, tries to dupe you with fake login screens, and even accesses and reads your texts. All of this stolen data is then quietly shared with the app’s creators to launch smishing<\/span>, phishing<\/span>, and even SIM swapping attacks<\/span>. Coper is dangerous, but luckily only associated with a single app, Unicc QR Scanner, which had about 1,000 downloads. However, the danger here is that the malware wasn’t actually hidden in the app’s code, but rather side-loaded via a fake app update. This is a common tactic hackers use to circumvent Google Play’s anti-malware scans entirely, since they can simply add the malware later.<\/p>\n

How to stay safe<\/h2>\n

You can find a full list of the malicious apps and how they executed their attacks in Zscaler’s report<\/span>. The good news is all offending apps were removed from Google Play and disabled on devices that downloaded them from the Play Store.<\/p>\n

That said, it’s only a matter of time before another<\/em> round of Android malware<\/span> is discovered. You need to protect yourself from possible threats at all times.<\/p>\n

We’ve covered the best ways to safeguard Android devices, social media accounts, and other personal data against all manner of scams, hacks, and leaks<\/span>. But when it comes to Android apps, the best way to stay safe is to only install apps from well-known and trusted publishers, and only download them from verified sources like the Google Play Store, APK Mirror, or XDA Developers.<\/p>\n

If you decide to download an app from an unknown publisher, make sure to read the reviews and research the app online first. However, unless an app offers functionality you simply cannot get from a mainstream publisher’s app, there’s no reason to download alternative texting, camera, or QR code scanning apps\u2014especially when your phone can do all of these things with the built-in features it comes with.<\/p>\n

[Bleeping Computer<\/span>]<\/p>\n<\/div>\n

.<\/p>\n","protected":false},"excerpt":{"rendered":"

photo: to the tock (Shutterstock) Cybersecurity researchers at Zscaler ThreatLabz discovered yet another batch of Android malware that was openly available on the Google Play Store and downloaded by hundreds of thousands of users before it was removed. This group includes dozens of apps that hid three major malware strains: Joker, Facestealer, and Coper. Despite …<\/p>\n

Even More Android Malware Was Discovered on Google Play<\/span> Read More »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[4],"tags":[1712],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":6911,"url":"https:\/\/harchi90.com\/avoid-these-toll-fraud-apps-on-android\/","url_meta":{"origin":20878,"position":0},"title":"Avoid These ‘Toll Fraud’ Apps on Android","date":"July 7, 2022","format":false,"excerpt":"photo: Stokkete (Shutterstock)Older Android phones are a known security risk, but recent research from Microsoft's 365 Defender Research Team shows just how vulnerable the outdated devices are vulnerable to a serious form of malware known as \u201ctoll fraud.\u201dToll fraud malware hides in normal-looking apps, quietly signing up users for premium\u2026","rel":"","context":"In "Technology"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":15526,"url":"https:\/\/harchi90.com\/delete-these-android-apps-infected-with-autolycos-malware\/","url_meta":{"origin":20878,"position":1},"title":"Delete These Android Apps Infected With Autolycos Malware","date":"July 15, 2022","format":false,"excerpt":"photo: rafapress (Shutterstock)Try as Google might, it seems there's no stopping 
malware-infected apps from sneaking their way onto the Play Store. We've covered plenty of cases in the past, including the recent \u201ctoll fraud\u201d malware targeting older Androids. Now, the scammers behind a new strain of malware have tricked users\u2026","rel":"","context":"In "Technology"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":19984,"url":"https:\/\/harchi90.com\/google-pulls-malware-infected-apps-3-million-users-at-risk-the-register\/","url_meta":{"origin":20878,"position":2},"title":"Google pulls malware-infected apps, 3 million users at risk \u2022 The Register","date":"July 20, 2022","format":false,"excerpt":"Google pulled 60 malware-infected apps from its Play Store, installed by more than 3.3 million punters, that can be used for all kinds of criminal activities including credential theft, spying and even stealing money from victims. Zscaler's ThreatLabZ and security researcher Maxime Ingrao from fraud protection firm Evina discovered the\u2026","rel":"","context":"In "Technology"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":17310,"url":"https:\/\/harchi90.com\/malware-infected-apps-hit-over-3-million-android-devices-delete-these-now\/","url_meta":{"origin":20878,"position":3},"title":"Malware infected apps hit over 3 million Android devices \u2014 delete these now","date":"July 17, 2022","format":false,"excerpt":"Bad apps infected with malware which subscribe users to premium services without their knowledge have been downloaded over three million times from the Google Play Store.As reported by BleepingComputer (opens in new tab)a new malware family dubbed 'Autolycos' was discovered in eight popular Android apps by security researcher Maxime Ingrao\u2026","rel":"","context":"In 
"Technology"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6472,"url":"https:\/\/harchi90.com\/update-chrome-asap-on-android-and-windows\/","url_meta":{"origin":20878,"position":4},"title":"Update Chrome ASAP on Android and Windows","date":"July 6, 2022","format":false,"excerpt":"photo: VideoBCN (Shutterstock)If you use Google Chrome on Windows or Android, you need to update ASAP. there's a new browser update for each platform that includes patches for newly discovered security vulnerabilities. The bad news: One of these security flaws has a known exploit, meaning your browser and its data\u2026","rel":"","context":"In "Technology"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":19179,"url":"https:\/\/harchi90.com\/several-new-play-store-apps-spotted-distributing-joker-facestealer-and-coper-malware-the-hacker-news\/","url_meta":{"origin":20878,"position":5},"title":"Several New Play Store Apps Spotted Distributing Joker, Facestealer and Coper Malware \u2014 The Hacker News","date":"July 19, 2022","format":false,"excerpt":"Google has taken steps to ax dozens of fraudulent apps from the official Play Store that were spotted propagating Joker, Facestealer, and Coper malware families through the virtual marketplace. 
While the Android storefront is considered to be a trusted source for discovering and installing apps, bad actors have repeatedly found\u2026","rel":"","context":"In "Technology"","img":{"alt_text":"","src":"https:\/\/i0.wp.com\/thehackernews.com\/new-images\/img\/b\/R29vZ2xl\/AVvXsEgvfqow2z1XORevUpzKGWWXZ2DP4dMaNi-7cycpa3J_bSZKv0tO6MP40HLl7lvVJDIswOmb6I-YoNMLJym4v9oLZQczujsMqcttB3M_Cvm6E-zLs0XrpwaTZ_SGFjckDfi3CPfijZaii8Z88_btcKeHKKfxm7cDyF3kaVvsirGpb2JWVH0Ot3xGiC2sZg\/s1600\/strike-728.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"fifu_image_url":"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fill,f_auto,fl_progressive,g_center,h_675,pg_1,q_80,w_1200\/4b6a22aef4a0a1bbfe447e71abb3f574.jpg","_links":{"self":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/20878"}],"collection":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/comments?post=20878"}],"version-history":[{"count":0,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/20878\/revisions"}],"wp:attachment":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/media?parent=20878"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/categories?post=20878"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/tags?post=20878"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}