Android Apps Infected with Spyware Found on the Official Google Play Store

Discussion in 'Mobile OS' started by grr, Sep 17, 2016.

  1. grr

    grr Board Enthusiast Silver Member Known Member

    Google has removed four Android applications from the Play Store after security researchers from Lookout found them infected with a spyware trojan that harvested information about the infected devices and their users.

    Based on the profile of the four infected apps, it appears that someone was targeting businessmen or tourists, possibly traveling to or from Russia.

    Three of the infected apps were news related, from a developer named RSS News, Inc.. Two of these three apps showed news items related to Russia, while the third showed news on European topics.

    The fourth and last app detected as infected with the spyware could be used to search for embassies around the world.

    Spyware collects a boatload of data

    Collected data includes

    Read More / Source
     
    dinosaur07, revC0de and RGiskardR like this.
  2. Google Adsense

  3. Trim

    Trim MTAC Moderator Staff Member Member Of Month - Tweakbytes Defender

    That is an interesting and important article, for sure. Android malware are very dangerous because they can simply access to personal and sensitive informations about the hooked mobile phone or device. My recommendation is to have a good Android antivirus, such as Bitdefender, Sophos Mobile Security, but also Zemana Mobile Security Free would be a good addition with an antivirus.
    You can see tests and best Android antiviruses here: https://www.av-test.org/en/antivirus/mobile-devices/android/ (July 2016).
     
    grr, dinosaur07, guardian and 2 others like this.
  4. revC0de

    revC0de MTAC Moderator Staff Member

    To prevent these problems is almost impossible, because even if it is necessary to avoid installing apps from unofficial channels, these infected apps came from the Play Store.
    Google and its team of developers, in fact, seems to not pay too much attention to the testing of apps that, after a few hours, always receive the approval to be uploaded on the app store!
    As @Trim said: a good antivirus is needed for sure.
     
    grr, dinosaur07, guardian and 2 others like this.
  5. Trim

    Trim MTAC Moderator Staff Member Member Of Month - Tweakbytes Defender

    The best prevention in this case is to avoid installing unknown apps and maybe view also permissions about privacy, etc. that the application have.
    But of course Google has to check all applications uploaded everyday.
     
    grr, dinosaur07, guardian and 2 others like this.
  6. revC0de

    revC0de MTAC Moderator Staff Member

    Prevention is the key! :)

    Some malware have a instruction contained into the code of seemingly legit app and it installs a data package in the directory /system.
    From this position, the malware has full access to the entire device allowing the theft of information and personal files as well as the ability to block specific services.

    The installation of the package should be completed only on the terminal with ROOT permissions, active but it's not always so, and unfortunately in this case the removal of the malware has no effect.
    It is necessary to reset the device.:angry:
     
    grr, dinosaur07, guardian and 2 others like this.
  7. guardian

    guardian Administrator Staff Member

    USER beware of yourself .. do not install unless you have read ALL of the app reviews thoroughly :read:
    if it is new I would suggest that you wait to see what others think of it first.. let them be the infected :angry:
    not nice I know but do you want to be the one with the malware and all of your personal data exposed :S

    my Android is rooted so that I have more control over my OS.. if you have a rooted phone have you considered
    reading about XPrivacy on XDA
     
    grr, revC0de, Trim and 2 others like this.
  8. ottomanback

    ottomanback Initiat3

    best way ,I think,ıf you dont know the source of the app , you shouldnt install it .
     
    revC0de and guardian like this.

Share This Page