Although many users consider it safe to download applications from the Official Google Play Store, you could unknowingly be installing software that spies on you, bills you weekly or allows attackers to take remote control of your device.
An example of this is the recent spreading of the Joker, Coper and Facestealer malwares via multiple apps masquerading in the Google Play store as translators, SMS messaging, photo editing and custom keyboard apps.
The Joker malware is a persisting threat that hit users hard in both July 2020 and at the end of last year. With each resurgence the number of infecting apps increases and with it so does the number of victims.
In a report published by Zscaler, more than 50 identified apps were listed to help prevent users from installing and using these fraudulent apps. The combined number of user installations totalled over 100,000 last week, but the number is quickly rising and now sits at over 330,000 installations.
By infecting your device with the Joker malware, attackers are given free rein to steal potentially sensitive information from your device by spying on your phone. This includes copying and sending data from your SMS text messages or contact lists back to the attackers for nefarious purposes. The malware also subscribes the user to premium services with neither their knowledge or permission resulting in financial loss to the victim.
This is not the first time that malware was found being spread via the Google Play store, in fact last week cybersecurity researchers discovered a malware which got over two million downloads from users and caused their devices to suffer from “Adware infections displaying unwanted advertisements that can be particularly intrusive, degrade the user experience, deplete the battery, generate heat, and even cause unauthorized charges”.
An article by bleeping computer also reports that applications spreading the new malware ‘Autolycos’ were only removed after they had already received more than 1 million downloads and by combining the number of installations across the 8 detected apps, the malware was installed 3 million
Malware spreading via the Google Play Store is an ongoing issue that is growing more common, however there are a few steps you can take to minimize the risk and help to protect your device.
First of all, users should only download applications from trusted software vendors and avoid APK downloads from untrusted sources. Users should keep in mind that Play Store reviews are not a reliable way to tell whether an app is trustworthy as these malicious apps will often use fake reviews created by bots.
Applications will often request elevated access, such as the devices SMS messaging or the users contact list, so ensure that you are checking what permissions are being requested and avoid giving untrusted applications permissions they don’t need.
Ensure that Google Play Protect is turned on for your device as it can run safety checks on apps before they are installed, and can scan your device for potentially harmful applications to remove them.
Finally, you can use a mobile security tool to add a second layer of protection for your device, however only reputable software should be used, such as Avast Mobile Security or Norton Mobile Security.
You should uninstall the application immediately and check whether you have been billed for any suspicious charges.
You should also monitor your battery and internet data consumption to check for suspicious resource usage.