One of the apps was found dropping recently surfaced “The Joker” malware.
A report published by Russian antivirus developer Doctor Web has revealed that despite implementing the latest security features Google Play Store is still home to loads of dangerous malware, adware, and spyware. These malicious apps aim at personal as well as banking data of unsuspected Android users.
The apps in the discussion are Yobit trading, Encontre Mais (both happened to be banking trojans), Motocycle Road 2D, Insight Photo Editor, Cell Camera, Pledge Clean, Mentor Security, Compose Camera, Display Wallpaper, Green Camera, etc. As their names indicate, the malicious apps ranged from utilities, cameras, gaming to anti-virus apps.
Although these apps had tons of installs collectively and seemingly looked legit, in the background the dropped malware including “The Joker,” adware and in some cases spyware to keep an eye on users’ activities as well as steal their data.
Some of these apps displayed invasive pop-ups and bombarded users’ phones with unwanted ads, slowing their devices and end up generating income for criminals. According to Dr.Web’s blog post, these apps,
“subscribe users to expensive services by loading websites with premium content and clicking the appropriate links without user’s knowledge.”
At the time of publishing this article; Google had removed all malicious apps from Play Store. However, users should make sure they no longer have apps on their phones. It is recommended that a full system restore be performed as well as a cleanup of files to ensure device integrity.
For Android users, HackRead has complied a list of tips that would protect them against malicious attacks:
1. Break the habit of saving important passwords
People tend to save passwords in their browser and apps to avoid re-entering their details, thinking who would access their phones except them? but hackers can. You should avoid saving passwords, especially in banking websites or apps.
2. Turn On Screen Lock
Android has a screen-lock feature on its every device. It provides a layer of security to your device. There are several types of screen lock that you can choose from including the password, pattern, face detection, and pin. Set up a strong password or pattern lock which makes it hard to access.
3. Use App Lock
App lock adds an extra layer of security to your device, which can prevent users from accessing your important apps, or in case if your device gets stolen or lost.
You can use AppLock from Google Play Store for this purpose. It can lock apps which you don’t want other people to access. Try setting up a strong password, and make sure you don’t leave smudges on the device screen for someone to figure it out.
4. App Permission
Android works on the concept of sandbox. Each app requires a list of permissions before execution. Always read permission before allowing it access e.g. an alarm app wouldn’t ask you for mic access. This step is important because not all apps on the Google play store are safe. Google does remove malicious apps from its store but there are millions of apps on the market.
Before installing any app, do review the comments of people. It gives you insight into how the app really is.
5. Turn Off automatic message retrieval
The flaw that exploited 950 million Android devices across the world and dubbed as “Stagefright.” It used android’s media playback tool which helps you download images and videos that people send. Hackers used this flaw to send hacking codes in multimedia messages which started to retrieve automatically because of the built-in feature.
You can disable this feature in Android.
1) Open your default message app or another app that you use alternatively for retrieving messages.
2) If you are not sure which app is used for MMS retrieval, go to your phone’s setting, select “more” tab under the Wireless & networking section and find for “default messaging app.”
3) Open that app and go into the settings and look for “auto-retrieving multimedia messages.”
4) Uncheck the option.
6. Use Security App
Mobile security app provides most of the security Android need. Companies like Kaspersky, ESET, Avast and more, made it their motive to remove malicious software, security flaws, and other hack attacks. Security app also provides an anti-theft feature, which erases your personal data remotely from your device in case if it gets stolen or lost. There are many security apps available in free and paid versions.
7. Network Encryption App
Your web-browsers are vulnerable and exposed to exploit. Most of the common hacks are done by redirecting your web request to malicious server locations. Or your mobile is exposed through cookies when you are using public Wi-Fi, other people can impersonate you and access your personal information and accounts like Facebook and other sites.
You can use some free Android encryption app or trustworthy VPN for Android on Google Play Store which provides premium dedicated service to protect your information and always send encrypted outgoing data.
Perform regular backups
Consider your mobile gets stolen, lost, or you just upgrade your device? what would you have in the backup? Android backup support provides this service thinking that in mind. It is recommended to perform regular backups in case if anything happens to your device.