Beware, Android users: some Google Play Store apps are infected with spyware, uninstall them right now

By Divya Bhati: Google Play is one of the largest app stores globally, offering over 3 million apps for download. With such a wide selection of apps and a vast user base, the Android app store, operated by Google, also becomes a prime target for hackers seeking to spread malware. In a recent discovery, cyber security researchers have detected several suspicious apps on Google Play that are infected with malware. These malicious apps can steal sensitive information from the user’s phone and can be used to initiate other cyber attacks.

Researchers at CYFIRMA, a cybersecurity company, have issued a warning to Android users regarding apps that are currently available on Google Play. The apps in question, namely nSure Chat and iKHfaa VPN, are listed under the developer name “SecurITY Industry”. According to the researchers, these apps have been infected with spyware, designed to steal sensitive information from users’ phones. Furthermore, it has been discovered that these apps are being used by state-sponsored hackers as a means to gather intelligence from targeted devices. The information includes location data as well as contact lists from the affected users.

According to a report from Singapore-based cybersecurity company Cyfirma, the infected apps have been traced back to a dangerous hacking group known as “DoNot.” This group, believed to be state-sponsored, has been carrying out targeted attacks on prominent organizations in Southeast Asia since 2018. “Further technical analysis revealed that the app has malware characteristics and belongs to the notorious Advanced Persistent Threat Group; “DoNot”, which recently targeted individuals in the Kashmir region. In a recent observation, we found the threat actor is using Android payload against individuals in the Pakistan region, however, it is still unknown what drives them to conduct cyber strikes in the South Asian region,” reads the report by CYFIRMA.

How the spyware apps are stealing user data

The report explains that the malicious apps ask users for sensitive permissions during installation. These permissions include access to the contact list, precise location, and more. Once the permissions are granted, the apps collect the data and send it to the hackers.

Cyfirma analysts have also discovered that the code base of the malicious VPN app was copied from the legitimate Liberty VPN service. This means that the malicious app is essentially a copy of the legitimate app, with some malicious code added to it.

Do not install these apps from Google Play

Do not install these two apps, nSure Chat and iKHfaa VPN, from Google Play. If they are already installed, users should delete them immediately. Both apps are currently available to download on Google Play. While nSure Chat has 100+ downloads, data on iKHfaa is not available.

How to stay safe from spyware

First and foremost, you should never download an app that looks suspicious or is flagged as malicious. Note that hackers are also sending links to these apps through WhatsApp and Telegram, so you should never click on such links.
Additionally, here are some tips to follow to protect your device from malware:

  1. Choose a trusted antivirus program and keep it updated. Regularly scan your device to detect and remove any spyware or malware.
  2. Only download apps from official app stores such as Google Play Store or Apple App Store. Read user reviews and check the app’s permissions before installing it. Avoid downloading apps from unknown or untrusted sources.
  3. Keep your operating system, software, and apps up to date. Developers often release updates to patch security vulnerabilities and protect against spyware. Enable automatic updates for convenience.
  4. Be cautious when granting permissions to apps. Consider whether an app truly requires access to certain sensitive information, such as your contacts, camera, or location. Deny permissions that seem unnecessary or suspicious.
  5. Enable and configure a firewall on your device to monitor and block unauthorized network connections. This helps prevent spyware from communicating with remote servers.