Death, taxes, and Android malware are the only sure things in life.
Researchers at Zscaler ThreatLabz found another batch of Android malware that was freely available on the Google Play Store and downloaded by hundreds of thousands of people before it was taken down. The batch includes dozens of apps that hid Joker, Facestealer, and Coper, which are three of the most dangerous types of malware.
Despite sounding like Batman’s rogues’ gallery, these are three dangerous malware families that execute multifaceted attacks and can compromise personal data, steal login information, scam you into unwanted financial transactions, and even grant hackers full remote control of infected devices.
What are the abilities of Joker, Facestealer, and Coper?
Like most Android malware, the bad apps were trojans, which are pieces of software that look safe but are actually hiding malware. Some of the apps in Zscaler’s report used clever ways to get around Google Play’s anti-malware checks, while others side-loaded the malware after the app was installed. Using these methods, some malware could even get past the protection on the device itself.
Joker was the most common type of malware. It was found in 50 apps that were downloaded more than 300,000 times in total. It’s not surprising that Joker made up the vast majority of attacks. It’s a popular piece of malware that is often used in wireless application protocol (WAP) scams, in which victims are signed up for unwanted subscription services through their mobile carrier. In these attacks, hackers don’t need direct access to your bank or credit card information. Instead, they use the mobile data on the infected device to sign up for services through your phone bill.
Most of the Joker apps in this batch of malware were messaging and communication apps that use your phone’s texting and mobile data features to buy premium subscriptions and then intercept and delete any confirmation texts from the services they sign you up for. Reviewing an app’s permissions is a common way to spot dangerous software, but a communication app asking for SMS and mobile data permissions wouldn’t seem out of place, so affected users may not know they’re paying for unwanted services unless they carefully check every item on their monthly phone bill.
Joker apps will also use the personal information they get from WAP scams to break into your social media and bank accounts. However, Facestealer is the real identity thief in the group.
Facestealer apps use fake social media login screens to steal your login information for Facebook, Twitter, Google, or Apple. Many real apps need a Facebook, Twitter, Google, or Apple ID. Most fake login screens load right into the app and look exactly like the real ones, so it’s easy to miss them. Hackers can then use your login information to take over your account and send more malware to your friends through messages or, even worse, steal personal information that can help them steal your identity. Facestealer was only found in one app, Vanilla Snap Camera, which had only 5,000 downloads. However, it’s almost certain that there are other Facestealer trojans on Google Play that look like real apps.
The last piece of malware, Coper, also tries to get your personal information and login details. It can read the text you type on the keyboard, tries to trick you with fake login screens, and can even access and read your texts. All of this stolen information is then quietly sent to the app’s creators so that they can use it to launch smishing, phishing, and even SIM swapping attacks. Coper is dangerous, but it’s only linked to one app, Unicc QR Scanner, which has been downloaded about 1,000 times. The malware wasn’t hidden in the app’s code. Instead, it was side-loaded through a fake app update. Hackers often do this to get around Google Play’s anti-malware scans, since they can just add the malware later.
How to avoid danger
In Zscaler’s report, you can find a full list of the bad apps and how they carried out their attacks. The good news is that all of the bad apps have been taken off of Google Play and disabled on devices where they were installed.
Still, it’s only a matter of time before more malware for Android is found. You should always protect yourself from possible dangers.
We’ve talked about the best ways to protect your Android device, social media accounts, and other personal information from scams, hacks, and leaks of all kinds. But when it comes to Android apps, the best way to stay safe is to only install apps from well-known and trusted publishers and only download them from trusted sources like the Google Play Store, APK Mirror, or XDA Developers.
If you want to download an app from a publisher you don’t know, make sure to read reviews and do some online research first. But unless an app has features that you can’t get from a major publisher’s app, there’s no reason to download an alternative texting, camera, or QR code scanning app, especially since your phone already has all of these features.