Despite multiple cases of fake or compromised Android apps, malicious applications continue to sneak into Google Play, successfully bypassing the store's security measures. 85 such applications were just removed from the store. The apps were infected with malware that was designed to steal passwords for social networks. Obtained passwords may have been used in various malicious scenarios, including account takeovers and distribution of the so-called Facebook viruses.
Researchers discover apps stealing credentials for social networks
The apps were discovered and reported by Kaspersky. What is funny is that the American president Donald Trump just banned Kaspersky antivirus software from being used on government computers, due to political allegations. The malware that was caught by Kaspersky researchers was targeting specifically Russian-speaking victims, users of VK. However, malware is known to quickly change and adapt, and target broader pools of victims.
Even though the apps were leveraged only to steal passwords for one particular social network, VK, some of them have been available for quite a while. One particular app, called Mr President Rump, alone gathered more than one million downloads! This app is in fact a game published earlier this year, in March. All of the apps used in this malware operation prompted users to give away their login credentials (usernames and passwords).
The apps had an option to authenticate on VK, asking potential victims to give their login credentials. This request is typical for game apps as they include social network functionalities for more features. Such features include sharing high scores on the platform, or gaining premium content, researchers explain.
All affected users are urged to change the passwords for their accounts.
“These cybercriminals were publishing their malicious apps on Google Play store for more than two years so they had to modify their code to bypass detection. We think that cybercriminals use stolen credentials mostly for promoting groups in VK.com. They silently add users to promote various groups and increase their popularity by doing so,” Kaspersky wrote.
The apps are now removed from Google Play Store. Nonetheless, users that suspect that their accounts may have been compromised should change their passwords immediately.
Last year, the Marcher Android Trojan was upgraded to show fake login screens. The Trojan did so to steal the victim’s credentials for several popular Android apps. Launched in 2013, this Android Trojan has been quite active on Google Play. Its primary purpose has always been harvesting user credentials and credit card data.
What to do to avoid downloading malicious apps on Google Play Store
Users should always be on the lookout for suspicious apps. If you want to know the permissions of an app you’re planning to install, locate it on Google Play Store and click Permission Details.
Even though permissions may look kind of scary, they’re not always evil and in most cases they help your device stay protected against suspicious apps. In other words, giving app permissions is not necessarily a bad thing. In many cases, an app wouldn’t work properly if it didn’t demand permissions from the device.
However, when certain permissions are visibly not related to the app’s functionalities, then you should be concerned and should think twice before installing the app. Why would a dictionary app want to access your contacts? This would be the perfect illustration of an app overstepping its rights (and permissions).
In short, what you can do to prevent downloading a malicious app is to follow these simple steps:
- Research your applications before installing them;
- Carefully read the privacy policy, terms of service and list of permissions in Google Play Store;
- Check if the permissions the app asks for are covered by the app’s functionalities.
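The last step can be scripted for an APK you have on hand. The following is an added example, not part of the original article: it parses permission listings in the style printed by `aapt dump permissions` and reports requests that fall outside what the app's category plausibly needs. The per-category baselines and the sample listing are assumptions constructed for illustration.

```python
import re

# Assumed baselines: permissions a reviewer considers plausible per category.
EXPECTED = {
    "dictionary": {"android.permission.INTERNET",
                   "android.permission.ACCESS_NETWORK_STATE"},
    "game": {"android.permission.INTERNET",
             "android.permission.ACCESS_NETWORK_STATE",
             "android.permission.VIBRATE",
             "android.permission.WAKE_LOCK"},
}

# Constructed sample listing in the style of `aapt dump permissions <apk>`.
SAMPLE = """package: com.example.dictionary
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: android.permission.ACCESS_NETWORK_STATE
uses-permission-sdk-23: name='android.permission.READ_SMS'
permission: com.example.dictionary.permission.C2D_MESSAGE
"""

# Accepts both the quoted name='...' form and the older bare form.
USES = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)'?")

def parse_permissions(dump):
    """Return (package, set of requested permissions) from a listing."""
    package, perms = None, set()
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            package = line.split(":", 1)[1].strip()
            continue
        match = USES.match(line)
        if match:  # 'permission:' lines declare, not request, so they are skipped
            perms.add(match.group(1))
    return package, perms

def unexpected_permissions(dump, category):
    """Return (package, sorted permissions not covered by the category baseline)."""
    if category not in EXPECTED:
        raise ValueError(f"no baseline defined for category {category!r}")
    package, requested = parse_permissions(dump)
    return package, sorted(requested - EXPECTED[category])

if __name__ == "__main__":
    pkg, extra = unexpected_permissions(SAMPLE, "dictionary")
    print(pkg, "requests permissions outside its category baseline:", extra)
```

A flagged permission is a prompt to look closer at the app, not proof of malice, and an empty result does not show that an app is safe.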