Android users beware: A new piece of malware is popping up in the Google Play Store and it’s coming for your data.
Called “Facestealer”, this new malware can steal personal information on your phone, hijack your social media passwords by forcing fake logins, and blow up your device with invasive ads.
Security researchers at Doctor Web Anti-Virus first discovered Facestealer lurking in 10 Android apps back in July 2021, but the latest batch of shady downloads includes 200 malicious apps, almost all of which were available in the Google Play Store and other third-party marketplaces for several weeks before being removed.
While the problem apps came from a number of categories, the most common were:
- Fake VPN services
- Camera and photo editing apps
- and – not surprisingly – cryptocurrency-related apps.
The fake cryptocurrency apps even included additional malware that could potentially steal a user’s wallet keys.
All 200 apps have been removed from Google Play and other download sources. But many of these apps managed to garner thousands of downloads in the few weeks they were available. Of course, users did not deliberately download malware – these apps often seem legitimate on the surface, and even include all the advertised features, or rip off the look and feel of other apps to appear more like the real thing.
These apps can even fool Google. While Google Play has built-in anti-malware security measures and scans all apps uploaded to the service, malicious app developers have devised sophisticated ways to hide their illegal intentions. So even though Google’s scans come up clean, lurking in the code are simple commands that install a hidden malware payload or quietly download it in the background from a remote server. (This is how other infamous Android malware like Joker and Octo works too.)
Although Google may eventually catch these tricks, its responses are often reactive rather than proactive, meaning new methods of infection can emerge at any time and take weeks to figure out. This is a major flaw in Google’s and Android’s security measures, and it is not something that can be fixed overnight.
However, avoiding Android malware is not impossible; you just need to be aware of what you are downloading so that you can proactively spot problematic apps.
How to avoid Android malware
We have discussed many of the telltale signs of a malicious app before, including (but not limited to) if an app:
- Requests excessive and unrelated app permissions. For example, a VPN does not need access to your camera.
- Requires “additional software” installations or attempts to load additional apps.
- Spams you with ads.
- Suddenly asks for payment information to continue using free features (especially if those features are freely available from other apps or are already built into your device).
- Is an obvious ripoff of other popular apps.
- Is only available at sketchy or unknown third-party stores.
Obviously, not all fake apps will trigger red flags – that’s part of the reason they’re so common – so always check the reviews first. And I mean really read the reviews. Don’t just check the app’s star rating or skim the highest rated feedback. If you notice a lot of 1-star reviews that call out shady behavior or poor quality, or the only reviews are 5-star reviews without much information, it’s probably fake.
And if you’re ever in doubt, do not download it. And if you do download something that later turns out to be creepy or an outright scam, delete it, write a review to warn others, and report the app to Google.
[thehackernews]