While Android malware is a common threat, we are typically warning you about a handful of apps, or maybe a couple dozen at most, that are infected with a particular variant. So I did a triple take when I saw that a new malware strain was in over 60,000 unique apps.
The team at Bitdefender, a popular antivirus app, found the threat thanks to a new App Anomaly Detection feature built into its software. The malware campaign appears to have started in October of 2022 and is present in a wide swath of app categories including VPN software, game cracks, game cheats, security software, Netflix, and various utility apps (via Bleeping Computer).
Netflix? Yes, but the key is that these apps aren’t found in Google Play; the infected apps are all found in third-party app stores. So if you stick to Google Play, you are safe in this instance. We frequently cover malware that has made it through to Google Play, so don’t assume that alone always keeps you safe.
What can this malware do?
The infected apps will install as normal, and then, when you open one, it shows an error message saying, “Application is unavailable in your region. Tap OK to uninstall.”
You’ll be shocked to hear that the malware is lying. Instead of uninstalling the app, it just puts it to sleep for two hours and plants the digital seeds for the app to trigger when your phone is booted or unlocked. In order to help it avoid detection, it won’t start to trigger the adware until roughly two days after the initial install.
Once it is active, it will connect to the servers of the threat actors and begin to serve ads either in your browser or in some cases in full-screen takeover ads.
At the moment, this is relatively innocuous as malware goes: it funnels the money from the ads you are being subjected to toward the threat actors rather than to the other companies serving you ads online. But things could get much worse at the drop of a hat.
According to Bitdefender, “the threat actors involved can easily switch tactics to redirect users to other types of malware, such as banking Trojans to steal credentials and financial information or ransomware.”
How to protect yourself
Step one in this case would be to not install apps from outside of Google Play. While that isn’t a guarantee of safety, it certainly helps, and would prevent exposure to this particular threat.
However, failing that, you should install a good antivirus app, which can detect and remove threats like this once they have been identified. Having tested dozens personally, I consider Bitdefender my top recommendation and one of the most affordable as well, but there are other options such as Norton 360, Trend Micro, and McAfee. If you already use one of these services for your desktop antivirus solution, you can and should install it on your phone as well.