Fake versions of popular apps used to spread malware on Android
According to Bitdefender, a cybersecurity company, fake versions of popular apps have been used to spread malware on Android. Criminals have actually spread most of their malware through sideloading.
As most of you know, Android allows you to download applications, you don’t need to install them through the Play Store. It’s contrary to Apple, and one of Android’s greatest strengths, many would say. Well, it turns out that’s a weakness too, if you’re not careful.
Fake apps spread malware, masquerading as popular apps
The TeaBot and Flubot are the most recent Trojans spotted at the start of this year. Bitdefender has spotted a bunch of malicious new Android apps that masquerade as real, and they usually do as fairly popular apps.
The company has found five of these applications containing the TeaBot Trojan, and at least one of them has been installed over 50 million times. These apps use bogus ad blocker apps to spread malware around.
These apps will ask you for permission to view over other apps, display notifications, and install apps outside of the Play Store. Once done, the icons of those apps remain hidden in the app drawer.
TeaBot can cause serious damage, so be extra careful. It can “superimpose attacks via Android accessibility services, intercept messages, perform various keylogging activities, steal Google authentication codes and even take full control of Android devices remotely.”
On the other hand, Flubot. This malware is spread via SMS spam. Flubot steals banking, contact, SMS and other types of private data from infected devices. It can send an SMS with content provided by the CnC.
Stay on the Google Play Store while installing apps, or be extra careful
Flubot typically mimics shipping apps like DHL Express Mobile, Fedex, and Correos. Bitdefender suggests that you stick to the Play Store when installing applications, in order to avoid such problems.
If you take a look at the image / table below, you will see a comparison between fake and real apps. Some of the examples include PlutoTV, Kaspersky Antivirus, and VLC.