More malicious mobile apps have been found and removed from the Google Play Store following urgent warnings from security experts.
Cybersecurity researchers from ThreatLabz recently reported (opens in new tab) spotting three different malware families, hiding in a multitude of apps that between them have had more than 300,000 downloads.
The families are called Joker, Facestealer, and Coper. Joker is quite an advanced piece of mobile malware, capable of stealing sensitive information from the compromised endpoints, grabbing SMS messages, call lists, and contacts from the devices, as well as subscribing the victims to premium wireless application protocol (WAP) services.
Camera and QR code apps
Joker, which was found in at least 50 applications, usually hides in communication apps, with these apps usually requesting permissions to access the contacts list, to make phone calls and send/receive SMS messages, avoiding any possible suspicion.
Facestealer, as the name would suggest, does not steal faces, but rather identities (opens in new tab) – Facebook accounts. It does so by placing a fake login form on top of a login form of a legitimate app.
This malware was found in one app, called “Vanilla Snap Camera”, which has had some 5,000 downloads. Last but not least, Coper is an infostealer that reads the victims’ SMS text messages, is capable of sending malicious SMS messages to people in the contacts list, logs keys and taps, and harvests sensitive data back to the attackers’ command & control servers. This one was found in an app called “Unicc QR Scanner” which has had some 1,000 downloads.
Unicc QR Scanner itself does not carry the malware, the researchers further found, but once the victim downloads it, the app will trigger an “update”, during which the malicious payload gets dropped on the endpoint.
The usual advice for keeping mobile devices safe is to only download from legitimate sources, but given that threat actors are getting better at smuggling malware into the Play Store, this security measure will no longer suffice.
Mobile users should also pay attention to the app reviews and ratings, as these are often a good indicator, especially for apps with thousands of downloads (those with fewer downloads could have their reviews rigged by bots). Finally, they should be skeptical of any permissions asked by the app, as they are also a good indicator if the app has ulterior motives or not.