Malicious Malware Spreads to More Android Apps
I’ve talked about this a few times last years, and as the threat grows larger I’m here to pass this warning off to you once again.
Malicious Malware have been popping up in a couple of apps over time, as Android grew and became a key player in the mobile universe, they gained much more attention from excited users, down to the people who intend to do harm to those users. This isn’t just Android who suffers from stuff like this, even our rival iPhone has their own issues as we do.
In most cases malicious malware inside applications comes from apps you really shouldn’t be downloading anyway, (That secret porn app you hide, yes… we all see it…). As well as off market downloads.
Three interesting malware packages found in the last year include:
- FakeToken.A, a Trojan that pretends to be a token generator for mobile banking. The malware works by impersonating a valid token generator but, in fact, only issues random numbers while in the background sending the username and password for the mobile banking to a command and control server.
- Boxer.H, a new variant of the existing Boxer family, which pretends to be Google Play.
- RootSmart.A, downloads an exploit to gain root privileges on the infected device. This in turn allows it to install more applications / malware. It also has a bot component that can receive commands from a remote server. These commands include malicious money making actions like sending premium rate SMS messages, and accessing pay-per-view videos.
Once again as I’ve said long ago. Common sense rules the day.
No, Don’t go and download an anti-virus app, they do nothing but chew up your battery life and take up system resources. your best defines is common sense. Stick to the Google Play Store (Android Market) When all posible, most apps on there are checked by Google or flagged by users and quickly pulled off if harmful.
Avoid off market downloads. This means try to avoid download apps from social media postings, forums, and random links you may find floating around the internet. APK files are just like ZIP files, anyone can put anything inside them.
If you’re going to download off market apps, confirm your source is authentic and trusted. I know it’s a hassel when you really want that app not available on the Google Play Store, but is it really worth having someone spy on your phone calls, those late night text messages so your secret sweetie, or someone leaking that photoshopped photo of your boss with a donkey head on him at work?
Privacy is something that’s very hard to keep in todays time, but by giving a couple extra seconds to think about what we’re doing can go a long way.
[Source:AndroidAuthority]