13 Malicious Android Apps You Should Delete Immediately

We’re ending the year with another crop of malicious Android apps you should delete from your phone ASAP.

The McAfee Mobile Research Team uncovered apps in Google Play and third-party app stores that are infected with malware it’s dubbed Xamalicious because it’s “implemented with Xamarin, an open-source framework that allows building Android and iOS apps with .NET and C#.”

Once installed, a malicious app “tries to gain accessibility privileges with social engineering and then it communicates with the command-and-control server to evaluate whether or not to download a second-stage payload.” If the second-stage payload is installed, it can take full control of your device, meaning “it has the potential to perform any type of activity like a spyware or banking trojan without user interaction,” McAfee says.

The apps can also do things like install other apps or click on ads without your consent. The Cash Magnet app, for example, automatically clicks ads and installs apps to fraudulently generate revenue; users think they’re earning points redeemable for a retail gift card.

“This means that the developers behind these threats are financially motivated and drive ad-fraud therefore this might be one of the main payloads of Xamalicious,” McAfee says.

McAfee identified 25 apps that contain the threat, 13 of which were distributed on Google Play, some as far back as 2020. It notes that “the usage of the Xamarin framework allowed malware authors to stay active and without detection for a long time, taking advantage of the build process for APK files that worked as a packer to hide the malicious code.

“Malware authors also implemented different obfuscation techniques and custom encryption to exfiltrate data and communicate with the command-and-control server,” McAfee adds.

McAfee estimates the apps have potentially compromised 327,000 devices from Google Play, in

Android’s new real-time app scanning aims to combat malicious sideloaded apps

Android’s built-in security engine, Google Play Protect, has a new feature that conducts a real-time analysis of an Android app’s code and blocks the app from installing if it’s considered potentially harmful.

Google announced in October the new real-time app scanning feature built into Google Play Protect that the company says can help catch malicious or fake sideloaded apps installed from outside the app store. These apps will morph their appearance or use AI to alter the apps’ code in a way that helps them avoid detection.

Google said this Play Protect feature now recommends a real-time app scan for any new app that has never been scanned before. This consists of a code analysis that will “extract important signals from the app and send them to the Play Protect backend infrastructure for a code-level evaluation.”

Android’s app store has billions of apps that Google screens for malware, though not always successfully. Many device owners also take to sideloading Android apps, which skirts the app store and its many lines of defense altogether. Sideloading remains a popular feature for Android users, even if it means having to trust that the app they are installing is not malicious.

One of the key reasons for Google to introduce its enhanced real-time code-level scanning feature is to counter the proliferation of predatory loan apps. These apps have resulted in the harassment of users, leading in some cases to victims taking their own lives. Bad actors gain access to user data, including contacts and photos, which are used to bully users. TechCrunch extensively covered the impact of predatory loan apps on Indian users. Google also said it took down over 3,500 such apps in the year for violating its policy requirements. Attackers still find ways to target their victims.

“Our policies are making

Malicious Android spyware detected in over 100 popular apps

Brace yourself for this troubling revelation. A new report from researchers at the IT security solutions firm Dr. Web found that over 100 Android apps, which collectively have an astounding total of over 421 million downloads, are infected with a new malware strain.

What is this new malware strain?

The malware strain has been named SpinOK, and it also contains a spyware module within it. SpinOK is being used mainly as a marketing software development kit (SDK) and was designed to maintain users’ interest in apps with the help of mini-games, a system of tasks, and alleged prizes and reward drawings.  

Below is an example of an ad SpinOk displays: 

[Image: android malware. Caption: A new report from researchers at the IT security solutions firm Dr. Web found that over 100 Android apps (Cyberguy.com)]

The team at Dr. Web found that SpinOK is capable of invading even the best Android phone models and stealing private information stored on them, including data from sensors that can be used to detect a simulated or test environment and adjust the operating routine to avoid being detected by cybersecurity experts. 

Once it has the information it needs, it will send it to a remote server controlled by the cybercriminals running SpinOK. 

What are the apps that have been affected? 

There are over 100 Android apps that have been affected by this malware strain, and you can find a full list of them here. However, here is a list of the apps that have been downloaded the most often. 

Biugo – video maker&video editor (at least 50,000,000 installations) 

CashEM: Get Rewards (at least 5,000,000 installations) 

Cashzine
