


These dangerous Android apps can hijack your phone — what to do now


Google has booted eight malicious Android apps from the Play Store that were designed to steal money from online financial accounts and take over smartphones, according to a new report from Israeli security firm Check Point.

The apps, listed below, snuck into Google Play through the front door. They didn't seem malicious when Google's malicious-app screening process evaluated them, Check Point said, because the apps' creators made sure the apps communicated only with Google's own Firebase cloud back-end servers, which are often used by smartphone apps.

But once the apps were installed by users, Check Point said, they switched to communicating with GitHub, a code-sharing platform owned by Microsoft upon which anyone can post software and other items.

Each app contained a hidden "dropper" designed to install more software, and those droppers downloaded the AlienBot banking Trojan from individual GitHub pages dedicated to each app. (Independent researchers at MalwareHunterTeam also posted about this on Twitter in late Jan.)

Check Point described AlienBot as "second-phase malware that targets financial applications by bypassing two-factor authentication codes for financial services."

In other words, AlienBot — once installed — steals your online banking password and gets around the two-factor authentication (2FA) methods meant to protect against the use of stolen passwords.

Even worse, said Check Point, AlienBot frequently installs the Android version of TeamViewer, a legitimate app that enables remote control of a smartphone (or a computer) from afar.

With TeamViewer installed, the bogus apps' creator(s) could have logged into victims' bank accounts at any time.

"The hacker was able to leverage readily available resources to bypass Google Play Store's protections," said Check Point researcher Aviran Hazum. "The victims thought they were downloading an innocuous utility app from the official Android market, but what they were really getting was a dangerous Trojan coming straight for their financial accounts."

Check Point said it notified Google about these malicious apps on Jan. 28, and Google confirmed on Feb. 9 that all had been removed from Google Play.

How to remove malicious apps from your phone

Many people may still have these apps installed on their devices. Here's a chart showing the name of each app along with its unique Android application ID, which is important because Android apps often share identical or very similar names.

App name                  Application ID
------------------------  --------------------------------
BeatPlayer                com.crrl.beatplayers
Cake VPN                  com.lazycoder.cakevpns
eVPN                      com.abcd.evpnfree
Music Player              com.revosleap.samplemusicplayers
Pacific VPN               com.protectvpn.freeapp
QR/Barcode Scanner MAX    com.bezrukd.qrcodebarcode
QRecorder                 com.record.callvoicerecorder
tooltipnatorlibrary       com.mistergrizzlys.docscanpro

To make certain you don't have any of these apps installed, scroll through your apps and see if anything has a name similar to one of those above.

If so, then go to Settings > Apps & notifications. You may have to tap an extra button to see all your apps at once.

Scroll down to the suspicious app and tap it. On the app's screen, tap Advanced, then tap App Details.

You should be taken directly to the app's page in the Google Play app, which is really just a specialized web browser. Tap the three stacked dots in the upper right of the Google Play app page, then tap Share.

A flyout window should appear at the bottom of the screen displaying the web address, or URL, for the app's Google Play store page.

The last part of that URL, after the equal sign, is the app's application ID.

For example, when you look up the Facebook Android app in Google Play, the URL is "https://play.google.com/store/apps/details?id=com.facebook.katana". The application ID for the Facebook app is "com.facebook.katana".

If one of your apps has an application ID that matches one of the application IDs in the chart above, then you'll have to remove it.

Tap the back button to get out of the flyout window on the app's Google Play page. Then tap Uninstall to get rid of the app.
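The same check can be done in bulk from a computer. The following is an added example, not part of the original article: it reads the application ID out of a Google Play URL and compares a device's package list against the chart above. It assumes the list was captured with `adb shell pm list packages`; the sample output and function names are constructed for illustration.

```python
from urllib.parse import urlparse, parse_qs

# Application IDs and names copied from the chart in this article.
FLAGGED_IDS = {
    "com.crrl.beatplayers": "BeatPlayer",
    "com.lazycoder.cakevpns": "Cake VPN",
    "com.abcd.evpnfree": "eVPN",
    "com.revosleap.samplemusicplayers": "Music Player",
    "com.protectvpn.freeapp": "Pacific VPN",
    "com.bezrukd.qrcodebarcode": "QR/Barcode Scanner MAX",
    "com.record.callvoicerecorder": "QRecorder",
    "com.mistergrizzlys.docscanpro": "tooltipnatorlibrary",
}

def app_id_from_play_url(url):
    """Return the application ID from a Google Play details URL, or None."""
    # Shared links often pick up trailing punctuation; an ID never ends in "."
    parsed = urlparse(url.strip().rstrip(".,"))
    if parsed.hostname != "play.google.com":
        return None
    # Read the "id" parameter by name so extra parameters (e.g. &hl=en) don't matter.
    values = parse_qs(parsed.query).get("id")
    return values[0] if values else None

def flagged_packages(pm_output):
    """Return sorted (application ID, app name) pairs found in `pm list packages` output."""
    hits = set()
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        app_id = line[len("package:"):]
        # Exact match only: similar-looking IDs belong to different apps.
        if app_id in FLAGGED_IDS:
            hits.add((app_id, FLAGGED_IDS[app_id]))
    return sorted(hits)

# Constructed sample of `adb shell pm list packages` output (not from a real device).
SAMPLE_PM_OUTPUT = """\
package:com.facebook.katana
package:com.lazycoder.cakevpns
package:com.crrl.beatplayer
package:com.bezrukd.qrcodebarcode
"""

if __name__ == "__main__":
    for app_id, name in flagged_packages(SAMPLE_PM_OUTPUT):
        print(f"REMOVE: {name} ({app_id})")
```

Note that `com.crrl.beatplayer` in the sample is deliberately one character short of the flagged ID and is not reported, which is why the comparison is exact rather than by name or prefix.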

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the data-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/malicious-android-apps-alienbot
