Android smartphones have become a major target for hackers and most of the attacks are carried out thorough fake apps, The recent spate of malware that are ready to target Android phones is a worrying trend. Millions of devices and users have already been affected. At risk are Android users who use smartphones running older versions of the software, or those who download apps without checking their credentials and source. Here are some of the latest forms of malware which can be avoided if users and OEMs (original equipment manufacturers) show more urgency on the matter.
A new kind of malware, CopyCat malware, poses a serious threat to Android users. It was detected by Checkpoint research in July 2017, by which time it has affected over 14 million devices in Asia and North America. It gains entry into a smartphone through a repackaged version of a legitimate app on third-party stores. Once downloaded, it installs a rootkit to root the device so it can disable its security system and gain full control over the device. It then replaces the Referrer ID of the app launcher with its own, allowing the hacker to make money by receiving credit by fraudulently installing apps. To avoid this malware, it is best to avoid downloading apps from third-party stores.
An evolved version of OmniRAT malware which attacked PCs, GhostCtrl mainly targets Android devices. Detected first by researchers at Trend Micro in July 2017, the malware uses modified versions of a legitimate and popular app, just like CopyCat malware, to sneak into users’ phone. Once inside, it installs a malicious Android Application Package (APK) to take over the device. It can track your personal data such as call logs, browser history and text messages. It can also record a conversation, capture a video, and lock your phone until you pay a ransom. Trend Micro suggests that users should keep their Android devices updated. Also, users should avoid downloading apps or games from third-party stores.
Judy is a unique malware which allows hackers to harvest large amounts of fraudulent clicks on advertisements on a hidden browser, which runs quietly in the background on an infected smartphone to generate fake clicks without users’ knowledge. According to Check Point Research’s findings released in May 2017, the malware was found hidden in 41 Android apps and games on the Play Store and has affected over 36 million devices. The apps have been removed by Google. Keeping an anti-virus app on the phone can help identify bad apps. You can also use Google’s new Play Protect Tool to scan an app.
Anti-virus company Dr Web has found a new malware called BankBot.211 targeting banking apps. The malware is downloaded through a harmless looking app from a third-party store and sometimes even Play Store. It then adds itself as a device administrator to steal users’ card credentials by creating fake card entry screens. Once users punch the details, it takes a screenshot of every key stroke to get the entire credit card credentials. Dr Web claims, its initial hunting ground was Turkey but now threatens users in the UK, the US, Germany, France and Australia. Even after the app is removed, the BakBot.211 remains on the smartphone. According to Dr Web, users can get rid of it completely by loading the smartphone in Safe mode->log into system settings->device administrators and recalling administrative rights. Restart the smartphone and run an anti-virus scan to isolate the malware.