Three new malware families for the Android operating system racked up more than 300,000 downloads from the Google Play Store before being taken offline. The malware came disguised as messaging apps, cameras and QR code readers, categories in which a request for access looks legitimate; in fact, that access was used to steal user data and social network accounts.
The alert was published by the security company Zscaler and covers three threats, called Joker, Facestealer and Coper. The first seems to be the most widespread, garnering hundreds of thousands of downloads, while the other two appear to be in the early stages of dissemination.
Unauthorized subscription to premium services, along with the theft of credentials and access codes sent via SMS, are Joker's goals. According to the experts, no fewer than 50 applications were registered by the crooks to spread the malware, mostly communication tools, photography apps, phone personalization tools and health monitors.
None of them delivered what they promised, of course; they served as a gateway for the data-stealing malware and used the promised functionality to disguise the various authorization requests. The software even encrypted its traces on the phone to evade detection by security software. The list of malicious apps:
- Simple Note Scanner – com.wuwan.pdfscan
- Universal PDF Scanner – com.unpdf.scan.read.docscanuniver
- Private Messenger – com.recollect.linkus
- Premium SMS – com.premium.put.trustsms
- Smart Messages – com.toukyoursms.timemessages
- Text Emoji SMS – messenger.itext.emoji.mesenger
- Blood Pressure Checker – com.bloodpressurechecker.tangjiang
- Funny Keyboard – com.soundly.galaxykeyboard
- Memory Silent Camera – com.silentmenory.timcamera
- Custom Themed Keyboard – com.custom.keyboardthemes.galaxiy
- Light Messages – com.lilysmspro.lighting
- Themes Photo Keyboard – com.themes.bgphotokeyboard
- Send SMS – exazth.message.send.text.sms
- Themes Chat Messenger – com.relish.messengers
- Instant Messenger – com.sbdlsms.crazymessager.mmsrec
- Cool Keyboard – com.colate.gthemekeyboard
- Fonts Emoji Keyboard – com.zemoji.fontskeyboard
- Mini PDF Scanner – com.mnscan.minipdf
- Smart SMS Messages – com.sms.mms.message.ffei.free
- Creative Emoji Keyboard – com.whiteemojis.creativekeyboard.ledsloard
- Fancy SMS – con.sms.fancy
- Fonts Emoji Keyboard – com.symbol.fonts.emojikeyboards
- Personal Message – com.crown.personalmessage
- Funny Emoji Message – com.funie.messagremo
- Magic Photo Editor – com.amagiczy.photo.editor
- Professional Messages – com.adore.attached.message
- All Photo Translator – myphotocom.allfasttranslate.transationtranslator
- SMS Chat – com.maskteslary.messages
- Smile Emoji – com.balapp.smilewall.emoji
- Wow Translator – com.imgtop.camtranslator
- All Language Translate – com.exclusivez.alltranslate
- Cool Messages – com.learningz.app.cool.messages
- Blood Pressure Diary – bloodhold.nypressure.mainheart.ratemy.mo.depulse.app.tracker.diary
- Chat Text SMS – com.echatsms.messageos
- Hi Text SMS – ismos.mmsyes.message.texthitext.bobpsms
- Emoji Theme Keyboard – com.gobacktheme.lovelyemojikeyboard
- iMessager – start.me.messager
- Text SMS – com.ptx.textsms
- Camera Translator – com.haixgoback.outsidetext.languagecameratransla
- Come Messages – com.itextsms.messagecoming
- Painting Photo Editor – com.painting.pointeditor.photo
- Rich Theme Message – com.getmanytimes.richsmsthememessenge
- Quick Talk Message – mesages.qtsms.messenger
- Advanced SMS – com.fromamsms.atadvancedmmsopp
- Professional Messenger – com.akl.smspro.messenger
- Classic Game Messenger – com.classcolor.formessenger.sic
- Style Message – com.istyle.messagesty
- Private Game Messages – com.message.game.india
- Timestamp Camera – allready.taken.photobeauty.camera.timestamp
- Social Message – com.colorsocial.message
Facestealer, as the name implies, aims to steal Facebook logins and passwords. It was hidden in an app called Vanilla Snap Camera, which collected 5,000 downloads and, instead of improving the photos on the phone, displayed a fake screen asking for an email and password in the name of the social network, with the data being sent to servers under the control of criminals.
A code analysis also showed that the malware can do the same for other services and social networks, even though the Meta platform is the only target at this early stage. The same is also true for Coper, which opens the door to new malware through overlay screens that demand the installation of fake updates for applications and the operating system itself; it had accumulated more than 1,000 downloads at the time it was discovered.
The malware is also capable of reading and intercepting SMS messages, recording typed text and capturing screenshots, with all the information being sent to servers controlled by the crooks. As is usually the case, the abuse is carried out through Android accessibility services, a common route for cybercriminals because it enables several kinds of attack without requiring multiple authorizations, which could arouse suspicion.
How to avoid scams with Android apps?
Google has been informed about the malicious apps in the official Android store and they have all been taken down. However, this does not remove the danger for users who have already installed them; they need to take steps to get rid of the infection and clean the device using security software, in addition to changing passwords and checking for any malicious use.
The main recommendation is to be careful when downloading apps on Android. Although using Google Play is recommended, it is not by itself a guarantee of security; users should pay attention to developers and user-written reviews, and avoid applications with few downloads or from unrecognized publishers.
Keeping your operating system up to date and security software running also helps you avoid the most common threats. When downloading, be aware of the permissions requested and assess whether the software actually needs such access to work; if in doubt, deny it and uninstall the app immediately.
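For readers who manage devices over adb, the check below is an added example (not from Zscaler or the original article): it compares a device's installed packages against package IDs from the list above and flags enabled accessibility services the owner did not knowingly turn on. The `org.example.*` packages, the sample command output and the trusted set are constructed assumptions.

```python
# Added example. Sample inputs are constructed, not captured from a real device.
# A few package IDs copied from the list above; extend with the rest.
LISTED = {"com.wuwan.pdfscan", "com.recollect.linkus", "com.premium.put.trustsms"}

# Constructed output of `adb shell pm list packages -3` (third-party apps).
SAMPLE_PM = """package:org.example.notes
package:com.wuwan.pdfscan
package:org.example.screenreader
package:org.example.flashlight
package:com.premium.put.trustsms
"""
# Constructed output of `adb shell settings get secure enabled_accessibility_services`.
SAMPLE_A11Y = ("org.example.screenreader/.ReaderService:"
               "org.example.flashlight/.HelperService")
# Assumption: the only accessibility service the owner knowingly enabled.
TRUSTED_A11Y = {"org.example.screenreader"}

def parse_pm_list(output):
    """Return package IDs from 'package:<id>' lines."""
    prefix = "package:"
    return {line.strip()[len(prefix):] for line in output.splitlines()
            if line.strip().startswith(prefix)}

def parse_accessibility(value):
    """Return the packages that own enabled accessibility services.
    The setting is a colon-separated list of '<package>/<class>' entries,
    or 'null'/empty when nothing is enabled."""
    value = value.strip()
    if value in ("", "null"):
        return set()
    return {entry.partition("/")[0] for entry in value.split(":") if entry}

def audit(pm_output, a11y_value, trusted):
    """Flag listed packages still installed and untrusted accessibility owners."""
    installed = parse_pm_list(pm_output)
    a11y = parse_accessibility(a11y_value)
    return {
        "listed_installed": sorted(installed & LISTED),
        "unexpected_accessibility": sorted(a11y - trusted),
    }

if __name__ == "__main__":
    for finding, packages in audit(SAMPLE_PM, SAMPLE_A11Y, TRUSTED_A11Y).items():
        print(finding, packages)
```

An app that appears under `unexpected_accessibility` is not necessarily malicious; it is a prompt to review why that app holds the permission.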