Google recently removed around 50 apps from the Play Store after cybersecurity researchers at Zscaler ThreatLabz found that they contained malware. The apps were openly available for download on the Google Play Store and, according to the researchers, carried three major Android malware families: Joker, Facestealer, and Coper. Although Google has now removed them, the researchers say the apps had already been downloaded more than 300,000 times. Most of the infected apps fell into the communication, health, personalization, photography, and tools categories.
Zscaler ThreatLabz’s report
Cybersecurity researchers at Zscaler found Joker, Facestealer, and Coper in the infected apps; these are three of the most widespread and most dangerous Android malware families. Attackers hid them in apps that appeared harmless on the surface. Zscaler reported that some apps employed "sophisticated tactics" to evade Google's anti-malware inspection. In addition, some apps did not ship the malware inside the package published on the Play Store at all but "side-loaded" it, downloading the malicious component only after the user had installed the app. Because the package submitted for review contains no malicious code, these techniques let some apps slip past Google's checks and even on-device anti-malware.
Of the three, Joker was found in the largest number of apps, which is hardly surprising: it is a prolific malware family commonly used for WAP (wireless application protocol) billing fraud. In such scenarios, the malware silently signs its victims up for unwanted premium subscription services that are billed through the mobile carrier. Joker therefore does not need access to the victim's bank or credit card details; it relies on the device's mobile data connection to subscribe to services, and the charges simply appear on the victim's phone bill.
Facestealer, an apt name, is the identity thief among the recently discovered Android malware. It uses fake social media login screens to steal its victims' credentials. The fake login screen loads directly inside the app and closely resembles the real one, so victims find it hard to recognise it as fake. Once attackers have the login details, they use them to hijack the account and spread more malware to the victim's contacts through messages, and they can siphon personal information from the account to commit identity theft. Fortunately, Zscaler researchers found Facestealer in only one app, Vanilla Snap Camera (5,000 downloads).
Like Facestealer, Coper targets a victim's data and login credentials. Coper can log what the victim types on the keyboard, present fake login screens, and access and read the victim's messages. It sends this data to the app's operators, who use it for smishing, phishing, and SIM swapping. Zscaler researchers reported that Coper was found in only one app, Unicc QR Scanner (1,000 downloads). Notably, Coper was not present in the app's code as published on the Play Store. Instead, the app acted as a dropper and side-loaded the Coper payload after installation under the guise of a fake update, which is why scanning the store package alone would not have caught it.
Solutions to stay safe from such attacks
Avoiding attacks by this kind of Android malware is not hard if users keep a few pertinent points in mind. The safest course is to install apps only from well-known, trusted publishers, and only from sources that vet what they host, such as the Google Play Store, APK Mirror, or XDA Developers. As this case shows, though, a listing on an official store is no guarantee: Google removed these apps only after they had been installed more than 300,000 times, and in some cases the malicious payload was downloaded after installation rather than shipped in the store package. So users should also review the permissions an app requests (a camera or QR scanner app has no reason to read SMS, install other packages, or run an accessibility service), treat any in-app prompt to download an "update" from outside the store as a red flag, keep on-device protection such as Google Play Protect enabled, and check their phone bill for subscriptions they did not knowingly sign up for.
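The permission review suggested above can be partly automated. The following script is an added example, not code from Zscaler ThreatLabz or from any app named in the report: it parses a decoded AndroidManifest.xml (for instance one produced by `apktool d app.apk`) and flags the capabilities the report attributes to these families, namely installing a second-stage APK at runtime (the "fake update" dropper behaviour), reading or intercepting SMS (carrier subscription confirmations and OTPs), drawing overlays (fake login screens) and accessibility-service abuse (keystroke capture). The indicator weights and the two sample manifests are constructed for this example; the "suspicious" manifest is a hypothetical QR scanner, not the actual manifest of Unicc QR Scanner.

```python
"""Static triage of a decoded AndroidManifest.xml for dropper / fraud indicators.

Added example, not code from Zscaler or from any app named in the report.
Indicator weights are this script's own heuristics, and REQUEST_INSTALL_PACKAGES
is also used by legitimate updaters, so treat the output as triage, not a verdict.
"""
import sys
import xml.etree.ElementTree as ET
from dataclasses import dataclass

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android:* attributes

# <uses-permission> names worth flagging (weights are illustrative assumptions).
PERMISSION_INDICATORS = {
    "android.permission.REQUEST_INSTALL_PACKAGES":
        (3, "can install an APK fetched at runtime: the 'fake update' dropper pattern"),
    "android.permission.READ_SMS":
        (3, "can read SMS, including carrier subscription confirmations and OTPs"),
    "android.permission.RECEIVE_SMS":
        (3, "can intercept incoming SMS before the user sees them"),
    "android.permission.SEND_SMS":
        (2, "can send SMS, e.g. to enrol the number in premium services"),
    "android.permission.SYSTEM_ALERT_WINDOW":
        (2, "can draw over other apps: fake login overlays"),
}

# Components that bind privileged system services (android:permission on <service>/<receiver>).
COMPONENT_INDICATORS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE":
        (3, "accessibility service: can read typed text and screen contents"),
    "android.permission.BIND_DEVICE_ADMIN":
        (2, "device-admin receiver: can resist uninstallation"),
}


@dataclass
class Finding:
    source: str   # permission name, or "tag:component name"
    weight: int
    note: str


def triage_manifest(xml_text: str) -> dict:
    """Return package name, additive risk score, findings and pattern-level verdicts."""
    root = ET.fromstring(xml_text)
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}

    findings = []
    for perm in sorted(p for p in perms if p in PERMISSION_INDICATORS):
        weight, note = PERMISSION_INDICATORS[perm]
        findings.append(Finding(perm, weight, note))

    has_accessibility = False
    for comp in list(root.iter("service")) + list(root.iter("receiver")):
        bind = comp.get(A + "permission")
        if bind in COMPONENT_INDICATORS:
            weight, note = COMPONENT_INDICATORS[bind]
            findings.append(Finding(f"{comp.tag}:{comp.get(A + 'name')}", weight, note))
            has_accessibility |= bind == "android.permission.BIND_ACCESSIBILITY_SERVICE"

    # Combinations that map to the behaviours described in the report.
    patterns = []
    if {"android.permission.INTERNET", "android.permission.REQUEST_INSTALL_PACKAGES"} <= perms:
        patterns.append("dropper: network access plus runtime APK installation")
    if perms & {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}:
        patterns.append("sms-access: can observe carrier billing confirmations and OTPs")
    if has_accessibility and "android.permission.SYSTEM_ALERT_WINDOW" in perms:
        patterns.append("overlay+accessibility: credential-harvesting capability")

    return {"package": root.get("package"), "score": sum(f.weight for f in findings),
            "findings": findings, "patterns": patterns}


# Constructed sample: what a QR scanner legitimately needs.
BENIGN_QR_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.qrscanner">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="QR Scanner"><activity android:name=".MainActivity"/></application>
</manifest>"""

# Constructed sample: a hypothetical QR scanner with dropper, SMS and overlay capabilities.
DROPPER_QR_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.qr.suspicious">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
    <application android:label="QR Scanner">
        <activity android:name=".MainActivity"/>
        <service android:name=".AccService"
                 android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
            <intent-filter>
                <action android:name="android.accessibilityservice.AccessibilityService"/>
            </intent-filter>
        </service>
    </application>
</manifest>"""


if __name__ == "__main__":
    # Usage: python triage.py path/to/AndroidManifest.xml  (defaults to the constructed sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else DROPPER_QR_MANIFEST
    result = triage_manifest(text)
    print(f"{result['package']}: score {result['score']}")
    for f in result["findings"]:
        print(f"  [{f.weight}] {f.source}: {f.note}")
    for p in result["patterns"]:
        print("  !!", p)
```

The pattern-level verdicts matter more than the raw score: a single permission such as REQUEST_INSTALL_PACKAGES is normal for an updater or a file manager, but a QR scanner that combines it with INTERNET, SMS access and an accessibility service has exactly the capability set needed to fetch a payload after installation, intercept carrier confirmations and harvest credentials, which is the behaviour the report describes.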