
Authorized Android Apps with Text Message Stealing Trojan

Malware researchers have recently reported three seemingly benign Android apps that actually carried a malicious Trojan. These are trojanized versions of the apps iNoty, QuickPic, and Bluelight Filter for Eye Care.

The Nature of iNoty, QuickPic & Bluelight Filter for Eye Care Apps

At first these apps install and function normally; however, they carry malicious code. The legitimate versions of the three apps can be found on Google Play, and they contain no malware. The attackers copied these apps, inserted malicious code into them, and then distributed the modified copies to victims.

How Are the Malicious Apps Distributed?

According to researchers from Malwarebytes, the trojanized iNoty, QuickPic and Bluelight Filter for Eye Care apps are not available on the app stores. They are hosted on Baidu Cloud, a cloud-based file sharing service.

Until now, malware experts have seen similar attacks that used Dropbox and various other services to host and then spread malware. The interesting thing here is that Baidu also makes antivirus software. In other words, the attackers use every tool available to spread the malicious products they have created.

How Do the Malicious Apps Affect the User’s Device?

When these malicious apps are installed on an Android device, they function normally. The injected malicious code, however, monitors the messages the user receives. The apps also forward certain messages from the victims' devices and kill processes that run in the background.

Malware experts from Malwarebytes warn users that these apps can cause inconvenience and plenty of trouble. The analysts believe that the main purpose here is monetization. The infected app signs victims up by sending a message from the infected phone, and the victim then gets an additional charge on the bill. This is similar to fundraisers that collect donations when users text a certain number. In this situation, however, the cause is not a good one.

SMS messages often play the role of a second factor in two-factor authentication. Banks and some other institutions sometimes send special codes to the user's phone, to be entered when logging into their account. With these and other apps, cyber criminals can steal the two-factor codes, as well as the bank logins.

According to security companies, Android devices are infected by spyware installed by people who want to spy on other people. Most of these apps are based on AndroRAT, and by using them the spy can retrieve and even send messages from the victim's infected phone. In general, AndroRAT can be injected into applications that are safe in order to infect the victims' phones.
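A defender can check a sideloaded copy for the behaviour described above by comparing the permissions it requests with those of the store copy. The following is an added example, not code from the article or from Malwarebytes; it assumes the text output of `aapt dump permissions` is available for both APKs, and the sample outputs and the package name `com.example.gallery` are constructed for illustration.

```python
import re

# Real Android permission names that match the behaviour the article describes.
RISKY = {
    "android.permission.RECEIVE_SMS": "can intercept incoming SMS, including 2FA codes",
    "android.permission.READ_SMS": "can read stored messages",
    "android.permission.SEND_SMS": "can send or forward SMS, e.g. to premium numbers",
    "android.permission.KILL_BACKGROUND_PROCESSES": "can kill background processes",
}

# Accepts both aapt styles: uses-permission: name='X' and uses-permission: X
PERM_RE = re.compile(r"^uses-permission:\s*(?:name=')?([\w.]+)'?", re.M)

def parse_permissions(aapt_output):
    """Return the set of permissions listed in `aapt dump permissions` output."""
    return set(PERM_RE.findall(aapt_output))

def added_permissions(baseline_output, suspect_output):
    """Permissions the suspect copy requests that the store copy does not."""
    return parse_permissions(suspect_output) - parse_permissions(baseline_output)

def assess(baseline_output, suspect_output):
    """Return (verdict, findings) for a sideloaded copy versus the store copy."""
    added = added_permissions(baseline_output, suspect_output)
    findings = sorted((p, RISKY[p]) for p in added if p in RISKY)
    if findings:
        return "suspicious", findings
    return ("review" if added else "no-new-permissions"), findings

# Constructed sample output, not taken from the real apps.
STORE_COPY = """package: com.example.gallery
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
uses-permission: name='android.permission.INTERNET'
"""
SIDELOADED_COPY = """package: com.example.gallery
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.KILL_BACKGROUND_PROCESSES'
"""

if __name__ == "__main__":
    verdict, findings = assess(STORE_COPY, SIDELOADED_COPY)
    print(verdict)
    for perm, why in findings:
        print(f"  {perm}: {why}")
```

A clean result only means no new permissions were requested; it does not show that the copy is unmodified.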

How to Stay Safe?

Cyber attackers try to spread malware to as many users as they can in order to maximize their earnings. However, certain limitations restrict how they can use the malicious apps. The apps spotted by Malwarebytes are not available on the Google Play store. Thus, people who use this store are much less likely to stumble upon a malicious app.

The cyber criminals store the malicious apps they have created on a cloud-based file sharing service and use phishing messages and spam to attack their victims. These attacks, however, are limited by many factors, including language. The malware researchers believe that the malicious apps found earlier this week are of Chinese origin, as they are stored on a Chinese cloud service. That is why the researchers believe that users from Europe and the United States are not likely to be infected by these apps. Still, all users should be careful and should avoid third-party app stores.

Security experts recommend installing security software on Android devices to protect them from such threats.


Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.
