Once again, Android users face a serious threat, as hackers use a new technology that mimics popular applications in an attempt to trick users into installing them on their phones to gain access to personal data.
Android users should immediately check their phones to ensure that none of these malware-ridden apps are installed on their devices. The latest attack, discovered by the team at Bitdefender, shows that hackers are relying on new ways to try to access devices and all the highly personal data we store on them.
Malicious apps can see private text messages and even bank account details, which are sent directly to criminals without the user noticing an attack. As the Google Play Store is now more secure, it has become more difficult for cyber thieves to infiltrate malware into this hugely popular market.
So, instead, they create fake apps outside the official Google Play Store, to lure users with the promise of antivirus software, access to free TV services, and more.
And unlike Apple's iOS, Google allows owners of Android smartphones and tablets to approve downloads from outside its app store. While this gives users more control over their gadgets, it also opens up devices to risk.
Bitedender said, criminals, welcome the opportunity to spread malware directly from app stores, but that's not easy. Instead, they go to the next available method mimicking higher-rated apps in the hopes of tricking at least some users into downloading and installing their malicious versions.
Once tricked into installing it, users are targeted with a new type of virus called Teabot, which has the ability to broadcast everything on-screen directly to online crooks.
This means personal texts, mobile banking app verification, and of course card details when shopping online, as they can be viewed and stolen. Bitdefender says it has identified a strange distribution method for the new attack with fraudsters using the fake Ad Blocker.
Once the apps are downloaded and installed, they look like official services and the user is not likely to discover any error until it is too late.
Applications to watch out for include:
Uplift: Health and Wellness.
Kaspersky: Free Antivirus.
Official versions of these apps, which are unaffected by malware, have been downloaded more than 50 million times, and hackers seem to be using their massive popularity to try to go unnoticed.
Bitedender said: according to an early analysis report, the malware can perform superimposed attacks across Android accessibility services, intercept messages, perform various keylogging activities, steal Google authentication codes, and even take full remote control of Android devices.
And if you think you have one of the above fake apps on your phone, you should delete it immediately.
Bitdefender also released tips on how to avoid the threat in the first place with security experts, saying, the best way to avoid infection is to never install apps outside the official store. Also, never click on links in messages, and always be aware of Android app permissions.