Two separate teams of security researchers have revealed a set of scam apps and malicious Android activity, some of it among the most dangerous we’ve seen so far. A new batch of nine apps, which have since been removed from the Play Store after registering about 470,000 downloads, was reported by Trend Micro.
These Hoax Apps Have Been Removed by Google
The researchers identified a number of menacing purposes for this series of apps, which disguise themselves as apparently harmless utilities with names such as Rocket Cleaner or LinkWorldVPN. The Trend Micro researchers warn users that the apps are able to connect to servers to download up to 3,000 pieces of malware, and some can even log in to Facebook and Google accounts.
Here are the apps in question:
• Shoot Clean–Junk Cleaner, Phone Booster, CPU Cooler
• Super Clean Lite — Booster, Clean & CPU Cooler
• Super Clean — Phone Booster, Junk Cleaner & CPU Cooler
• Quick Games — H5 Game Center
• Rocket Cleaner
• Rocket Cleaner Lite
• Speed Clean — Phone Booster, Junk Cleaner & App Manager
• H5 gamebox
The report released by Trend Micro implies that these apps come from China and that, as soon as users installed them, they connected to a server to impersonate the user by posting fake reviews and accessing the user’s accounts.
These applications have been removed from the Google Play Store, but if you installed any of them on your mobile device, make sure to delete them.
A New Malicious Campaign Appeared
Security analysts from the Cofense Phishing Defense Center have, in the meantime, also revealed another, more ominous effort: a phishing campaign aimed at Android devices with unsigned Android apps installed.
As per a new report from the center, this is an attempt to infect mobile devices with Anubis, a ‘particularly nasty piece of malware that was originally used for cyber espionage and retooled as a banking trojan.’
“Anubis can completely hijack an Android mobile device, steal data, record phone calls, and even hold the device to ransom by encrypting the victim’s personal files. With mobile devices increasingly used in the corporate environment, thanks to the popularity of BYOD policies, this malware has the potential to cause serious harm, mostly to consumers and businesses that allow the installation of unsigned applications,” the report says.
This sinister campaign sends users an email containing an attachment that pretends to be an invoice. When users open the attachment, a window appears asking them to turn on ‘Google Play Protect.’ After tapping ‘OK,’ however, the approval grants the app a few secret and malicious permissions and disables the real Google Play Protect.
The malware is able to capture screenshots, change administration settings, record audio, access and steal contact lists, and lock the smartphone. It also comes with a ransomware element, which can be activated remotely after the attacker has taken everything they want from the device.