Android users are attentive: a new piece of malware is appearing on the Google Play Store, and it’s coming for your data.
This new malware, called “Facestealer”, can steal personal information On your phone, hijack your social media passwords by forcing fake logins, and blast your device with invasive ads.
sSecurity researchers at Doctor Web Anti-Virus first discovered facesteller lurking In 10 Android Apps in July 2021, But the latest collection of suspicious downloads It includes 200 malicious applications, almost all of which were available on the Google Play Store and other third-party marketplaces for several weeks before they were removed.
While the problem The apps came from a range of categories, the most common being:
- Fake VPN Services
- Camera and photo editing apps
- And – unsurprisingly – cryptocurrency-related applications.
Even fake crypto apps have been implanted with additional malware that can steal a user’s wallet keys.
All 200 التطبيقات Apps Run It has been removed from Google Play and other download sources. However, many of these apps managed to amass thousands of downloads in the few weeks they were available. Of course, users weren’t intentionally downloading malware – like Apps often look legit on the surface and even Includes all advertised features, or rest in peace From the look and design of other apps to look more like real apps.
These apps can trick Google. While Google Play has built-in anti-malware protections and scans all apps uploaded to the service, malicious app developers have devised sophisticated ways to hide their illegitimate intentions. So, while Google’s scans give all the clarity, the commands lurking in the code are simple commands that install a hidden malware payload or download it quietly in the background from an external server. (This is how other popular Android uses Malware like Joker And Octo work too.)
WAlthough Google may eventually pick up on these scams, they are often reactive rather than proactive measures, meaning that new infection methods can emerge at any time and take weeks to overcome.. This is a major flaw in Google and Android security measures, and It’s not something that can be fixed overnight.
However, avoiding Android malware is not impossible; You just have to be mindful of what you’re downloading so you can proactively detect problematic apps.
How to avoid Android malware
We’ve discussed many tell-tale signs of a malicious app before, including (but not limited to) whether the app:
- Excess and irrelevant app permissions are requested. A VPN doesn’t need access to your camera, for example.
- Requires Additional Software installations or attempts to sideload additional applications.
- Spam with ads.
- It suddenly asks for payment information to continue using free features (especially if said features are freely available from other apps or already built into your device).
- It is an obvious steal for other popular apps.
- Available only in superficial or unknown third-party stores.
Obviously not every fake app will send red flags – which is part of why they are so common – so always check the comments first. and I mean Is that true Read reviews. Don’t just check the app’s star rating or browse through the top rated reviews. If you notice a bunch of 1-star reviews calling for questionable behavior or poor quality or The only reviews are 5 star ratings without much information, they are probably fake.
And if in doubt, do not download it. and if you were Act Download something later It turns out to be suspicious or outright scam, delete it, leave a comment to warn others, and report the app to Google.