Cybersecurity researchers at Zscaler ThreatLabz discovered yet another batch of Android malware that was openly available in the Google Play Store and downloaded by hundreds of thousands of users before being removed. This group includes dozens of apps that hid three major malware strains: Joker, Facestealer and Coper.
Despite sounding like Batman’s rogues gallery, these are three dangerous malware strains that perform multifaceted attacks and can compromise personal data, steal login information, trick you into unwanted financial transactions and even give hackers full remote control of infected devices.
What can Joker, Facestealer, and Coper do?
Like most Android malware, the offending apps were Trojans – software that looks harmless but secretly contains malicious code. Some of the apps in Zscaler’s report used sophisticated tactics to circumvent Google Play’s anti-malware inspection, while others sideloaded malware after the app was installed. Some may even slip past the anti-malware on your device by using these techniques.
Of the three types of malware, Joker accounted for the majority of infections, appearing in 50 apps with over 300,000 combined downloads. It is not surprising that Joker made up the overwhelming majority of the attacks; it is a prolific malware that is often used for Wireless Application Protocol (WAP) scams, where victims are signed up for unwanted subscription services through their mobile operator. These attacks do not require direct access to your bank or credit card information, and instead rely on the infected device’s mobile data to subscribe to services via your phone bill.
Most of the Joker apps in this batch of malware were messaging and communication apps that access the phone’s text and mobile data features to purchase premium subscriptions, then intercept and delete any verification texts from the services they sign up for. Reviewing an app’s permissions is a common way to detect dangerous software, but a communications app requesting SMS and mobile data related permissions does not seem out of place, so affected users may have no idea that they are paying for unwanted services unless they look closely at each item on their monthly phone bill.
Joker apps will also use the personal information they collect for WAP scams in other attacks, such as hacking into social media and bank accounts, but the real identity thief in the gang is Facestealer.
Many legitimate apps require a Facebook, Twitter, Google or Apple ID, but Facestealer apps use fake social media login screens that steal your login information. The fake login screens are usually loaded directly into the app and look like the real thing, so they are easy to overlook. Hackers can then use your credentials to hijack your account and spread more malicious software to your friends through messages, or worse, siphon personal information that can help them steal your identity. Zscaler found Facestealer in only one app, Vanilla Snap Camera, which had only 5,000 downloads, but it is almost certain that other Facestealer Trojans have disguised themselves as real apps on Google Play.
The latest malware, Coper, also targets your personal data and login information. It can read what you type on the keyboard, try to trick you with fake login screens, and even access and read your texts. All this stolen data is then quietly shared with the app creators to launch smishing, phishing and even SIM swapping attacks. Coper is dangerous, but fortunately it is only linked to a single app, Unicc QR Scanner, which had around 1000 downloads. However, the danger here is that the malware was not actually hidden in the app’s code, but rather side-loaded via a fake app update. This is a common tactic that hackers use to completely bypass Google Play’s malware scans, since they can simply add the malware later.
How to stay safe
You can find a complete list of the malicious apps and how they carried out their attacks in Zscaler’s report. The good news is that all of the offending apps were removed from Google Play and disabled on devices that downloaded them from the Play Store.
That said, it’s only a matter of time before another round of Android malware is caught. You must protect yourself against possible threats at all times.
We have covered the best ways to protect Android devices, social media accounts and other personal data from all kinds of scams, hacks and leaks. But when it comes to Android apps, the best way to be sure is to only install apps from reputable and trusted publishers, and only download them from verified sources like Google Play Store, APK Mirror or XDA Developers.
If you decide to download an app from an unknown publisher, be sure to read the reviews and research the app online first. But unless an app offers functionality you simply cannot get from a regular publisher’s app, there is no need to download alternative apps for text messaging, cameras or QR codes – especially when your phone can do all these things with the built-in features it comes with.