Cybersecurity researchers at Zscaler ThreatLabz discovered another batch of Android malware that was openly available on the Google Play Store and downloaded by hundreds of thousands of users before it was removed. This group contains dozens of apps hiding three major malware strains: Joker, Facestealer and Coper.
Although they sound like Batman’s rogues’ gallery, they are three dangerous malware strains that carry out multi-faceted attacks: they can compromise personal information, steal login credentials, trick you into making unwanted financial transactions, and even grant hackers full remote control of infected devices.
What can Joker, Facestealer, and Coper do?
Like most Android malware, the attacking apps were trojans – software that looks harmless but secretly contains malware. Some of the apps in Zscaler’s report used sophisticated tactics to bypass Google Play’s anti-malware inspection, while others sideloaded the malware after the app was installed. Some might even slip past anti-malware on the device using these techniques.
Of the three types of malware, Joker was responsible for the most infections, appearing in 50 apps with over 300,000 combined downloads. Not surprisingly, Joker made up the overwhelming majority of attacks; it is a prolific malware family that is commonly used for WAP (Wireless Application Protocol) scams, in which victims are signed up for unwanted subscription services through their mobile operator. These attacks do not require direct access to your bank or credit card information, and instead rely on the infected device’s mobile data to subscribe to services through your phone bill.
Most of the Joker apps in this batch were messaging and communication apps that access your phone’s SMS and mobile data capabilities to purchase premium subscriptions, then intercept and delete all confirmation texts from the services you have been signed up for. Checking an app’s permissions is a common way to detect dangerous software, but a communication app asking for SMS and mobile data permissions doesn’t seem out of place, so affected users may not know they’re paying for unwanted services if they don’t carefully review each item on their monthly phone bill.
Joker apps can also use the personal data they use for WAP scams in other attacks, like breaking into your social media and banking accounts, but the real identity thief in the bunch is Facestealer.
Plenty of legitimate apps require a Facebook, Twitter, Google, or Apple ID, but Facestealer apps use fake social media login screens that steal your credentials. The fake login screens are usually loaded directly into the app and look like the real thing, making them easy to miss. Hackers can then use your credentials to hijack your account to spread more malware via messages to your friends, or worse, steal personal information that can help them steal your identity. Zscaler found Facestealer in only one app, Vanilla Snap Camera, which only had 5,000 downloads, but it is almost certain that there are other Facestealer trojans posing as genuine apps on Google Play.
The last malware, Coper, also targets your personal information and credentials. It can read your keyboard text input, tries to fool you with fake login screens and even accesses and reads your texts. All this stolen data is then silently shared with the app’s creators to launch smishing, phishing and even SIM swapping attacks. Coper is dangerous, but thankfully it’s only linked to a single app, Unicc QR Scanner, which has had around 1,000 downloads. However, there is a possibility that the malware was not actually hidden in the app’s code, but was sideloaded via a fake app update. This is a common tactic used by hackers to completely bypass Google Play’s anti-malware scans, since they can simply add the malware later.
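The permission review mentioned above for Joker, extended to the sideloaded-update route described for Coper, can be sketched as follows. This is an added example, not code from Zscaler or the original article; the package names, the sample listing (modelled on `aapt dump permissions` output) and the mapping from behaviour to permission are assumptions made for illustration.

```python
import re

# Article behaviours mapped to Android permissions (this example's assumption).
RISK_GROUPS = {
    "read/intercept SMS": {"android.permission.READ_SMS",
                           "android.permission.RECEIVE_SMS"},
    "send SMS": {"android.permission.SEND_SMS"},
    "install other packages": {"android.permission.REQUEST_INSTALL_PACKAGES"},
}
SMS_GROUPS = {"read/intercept SMS", "send SMS"}

# Constructed sample in the style of `aapt dump permissions` output.
SAMPLE = """\
package: com.example.qrscanner
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.REQUEST_INSTALL_PACKAGES'
uses-permission: name='android.permission.RECEIVE_SMS'
package: com.example.chat
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.SEND_SMS'
package: com.example.flashlight
uses-permission: name='android.permission.CAMERA'
"""

def parse_permissions(text):
    """Return {package: set(permissions)} from aapt-style lines."""
    apps, current = {}, None
    for line in text.splitlines():
        if m := re.match(r"package:\s*(\S+)", line):
            current = apps.setdefault(m.group(1), set())
        elif current is not None and (
                m := re.match(r"uses-permission:\s*(?:name=')?([\w.]+)", line)):
            current.add(m.group(1))
    return apps

def triage(apps, sms_apps=()):
    """Return {package: [risk groups hit]}. For packages in sms_apps (apps the
    user chose for messaging) SMS access is expected and is not reported."""
    report = {}
    for pkg, perms in apps.items():
        hits = [g for g, wanted in RISK_GROUPS.items() if perms & wanted]
        if pkg in sms_apps:
            hits = [g for g in hits if g not in SMS_GROUPS]
        if hits:
            report[pkg] = hits
    return report

if __name__ == "__main__":
    print(triage(parse_permissions(SAMPLE), {"com.example.chat"}))
```

The QR scanner is reported for SMS access plus the ability to install packages, while the messaging app produces no finding at all, which is the blind spot that makes a trojanised messaging app hard to catch by permissions alone.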
How to stay safe
A complete list of the malicious apps and how they carried out their attacks is available in Zscaler’s report. The good news is that all offending apps have been removed from Google Play and disabled on devices that downloaded them from the Play Store.
However, it is only a matter of time until another round of Android malware is discovered. You must protect yourself from potential threats at all times.
We’ve covered the best ways to protect Android devices, social media accounts, and other personal information from all kinds of scams, hacks and leaks. But when it comes to Android apps, the best way to stay safe is to only install apps from known and trusted publishers and only download them from verified sources like Google Play Store, APK Mirror or XDA Developers.
If you decide to download an app from an unknown publisher, first read the reviews and research the app online. However, if an app doesn’t offer features you just can’t get from a mainstream publisher’s app, there’s no reason to download alternative SMS, camera, or QR code scanning apps, especially if your phone can do all of those things with the built-in features it comes with.