AT least 330 dodgy apps designed to steal credit card numbers have been downloaded on millions of peoples phones, security experts have warned.
A report from cybersecurity firm Bitdefender has claimed that a widespread malware campaign has been running rampant on the Google Play Store, used by Android phones.
This is one of nine dodgy apps that are still available to download on the Google Play Store[/caption]
The apps typically mimic utility platforms like QR scanners, expense tracking apps, health and wallpaper apps[/caption]
If any of these apps are downloaded on your Android device, it is advised to delete them immediately[/caption]
Most of the apps started off as innocent apps, first appearing on Google Play last summer[/caption]
The 330 apps have been downloaded an estimated 60million times, according to the report.
The apps typically mimic utility platforms like QR scanners, expense tracking apps, health and wallpaper apps.
Of the 330 that security experts discovered to be hiding malware, nine are still available to download on the Google Play Store:
- Dropo
- Water Note
- Destiny Book
- Five in a Row
- ShapeUp
- Beautiful Day
- Handset Locator
- MassM BMI
- Body Scale
Alongside credit card numbers, the apps are created with the intention of stealing login credentials and other personal information.
Cyber crooks have allegedly found a way to bypass Android security restrictions.
They are able to hide the app icons, according to Bitdefender, so that these malicious platforms remain hidden on phones.
The apps can start without user interaction, experts warned, even though this should not be technically possible in the latest Android software.
Most of the apps started off as innocent apps, first appearing on Google Play last summer.
However, criminals later updated them with malicious software.
Silviu Stahie, Security Analyst at Bitdefender, told The Sun: “The campaign has been active for months, and it’s clear that the concealment methods are evolving in real-time.
“The attackers have grown sufficiently confident to push updates for these apps and will likely attempt to modify the malware further in their efforts to escape detection.”
It’s unclear whether these dodgy apps are the result of one threat actor or a group.
If any of these apps are downloaded on your Android device, it is advised to delete them immediately.
Google has a raft of security measures in place to stop malicious apps from even making it to the Play Store.
The tech giant’s Play Protect tool runs safety checks on apps from the Google Play Store before users download them – and sends pop-warnings about potentially harmful apps.
However, roughly 1,200 new apps are launched on Google Play everyday – meaning some malicious apps can slip through the cracks.
The Sun has contacted Google for comment.
It’s unclear whether these dodgy apps are the result of one threat actor or a group[/caption]
The apps can start without user interaction, experts warned[/caption]
This app is supposed to track your daily water intake – but may actually be used to steal your credit card information[/caption]
How to spot a dodgy app
Detecting a malicious app before you hit the ‘Download’ button is easy when you know the signs.
Follow this eight-point checklist when you’re downloading an app you’re unsure about:
- Check the reviews – be wary of both complaints and uniformly positive reviews by fake accounts.
- Look out for grammar mistakes – legitimate app developers won’t have typos or errors in their app descriptions.
- Check the number of downloads – avoid apps with only several thousand downloads, as it could be fake.
- Research the developer – do they have a good reputation? Or, are totally fake?
- Check the release date – a recent release date paired with a high number of downloads is usually bad news.
- Review the permission agreement – this agreement gives permission for the app to take bits of your data, and fake apps often ask for additional data that is not necessary.
- Check the update frequency – an app that is updated too frequently is usually indicative of security vulnerabilities.
- Check the icon – look closely, and don’t be deceived by distorted, lower-quality versions the icons from legitimate apps.
All of this information will available in both Apple’s App Store and the Google Play Store.
