Cybersecurity Blog

Photo editing apps on Google Play loaded with malware – 01/31/19

 

Trend Micro has discovered that several Android apps used to make photos more “beautiful” are actually loaded with malware. Instead of working as advertised the nasty things randomly throw pop-ups ads on your screen, some of them directing you to a porn site.  This is rather uncomfortable if you happen to be visiting your mom.

If you click on any of the pop-up ads, you are asked for payment or redirected to phishing websites asking for personal information.  Should you decide to take them up on any of their dirty little offers, you receive nothing in exchange for payment.

What makes these apps so devious, is it is not readily apparent that it is the app itself that is responsible for the pop-ups.  In addition,  deleting the app  is often difficult as its icon will often be missing from the application list.

If you check the reviews on these bad boys, you find a bunch of 5 star reviews and then a bunch of 1 star reviews. Anytime you see this, it is usually an indication that the scammers pumped up the ratings with a bunch of good reviews only to have their efforts countered by actual users.  Darn those users, being all truthful.

Thankfully these dreadful apps have been removed from the Google Play Store. However if your phone is behaving badly and you aren’t sure why, check to see if you have installed one of the following

Pro Camera Beauty
Cartoon Art Photo
Emoji Camera
Artistic effect Filter
Art Editor
Beauty Camera
Selfie Camera Pro
Horizon Beauty Camera
Super Camera
Art Effects for Photo
Awesome Cartoon Art
Art Filter Photo
Art Filter Photo Effcts
Cartoon Effect
Art Effect
Photo Editor
Wallpapers HD
Magic Art Filter Photo Editor
Fill Art Photo Editor
ArtFlipPhotoEditing
Art Filter
Cartoon Art Photo
Prizma Photo Effect
Cartoon Art Photo Filter
Art Filter Photo Editor
Pixture
Art Effect
Photo Art Effect
Cartoon Photo Filter

If you have one of these nasty things on your phone, you may have to perform a factory reset to remove it.

 

More malicious apps found on the Play Store – 12/13/18

 

Google has removed 22 apps from the Play Store that together have had over 2 million downloads.  The most popular being Sparkle, an Android flashlight.  The apps seem to work as described. However in the back ground they are clicking on ads which generates revenue for the advertisers.

Not only does this slow down your phone, use up battery power and is just down right annoying, but it also is fraudulent. Companies pay online advertisers only when someone clicks on their ad. The idea is if the advertiser does their job and places the online ad in the right locations, then a click on the ad should lead to a sale.

That is what companies think they are paying for, potential customers. Instead this app acts as a bot, clicking on ads thousands of times and raking up the charges for the company. The company receives nothing in return as bots aren’t big shoppers.

What should you do if you have an Android phone? First of all, check the list of affected apps to see if you have downloaded one of them. You can find the list in the Sophos article. Then uninstall the app. As an extra precaution you can perform a full factory reset.

Although downloading apps from reputable sources reduces the chances of you downloading something malicious, it does not guarantee it.  Remember to check reviews for an app before you download it. If you find a reduction in your phones performance after the download, uninstall the app. If it continues then perform a factory reset.

 

 

App masquerading as the Play Store – 12/05/18

 

An app called Google Play Marketplace has been found in the Google Play Store looking very much like the Play Store app. Unfortunately it is actually a nasty piece of malware that steals banking credentials, tracks your location, steals data, memorizes key strokes and a whole bunch more.  Like I said, it’s nasty.

Not only is this app nasty, it is also annoying. It asks for permissions to phone settings repeatedly until you finally give in.  When you do, you hand over control of your device to the hackers. To add insult to injury the app asks for payment to allow access to Google Services and locks your phone until payment information is entered.  Once you are allowed to use your phone again, anytime your try to browse to a website you are redirected to one that is malicious.

The only way to get rid of the malware and regain control over your phone is to perform a factory reset and wipe it clean.  However by that time the hackers already have everything they want.

The scariest part of this story, is researchers found the word “test” adjacent to many of the malware’s lines of code. That means that this is just version one.  Although the Google Play Marketplace app containing this malware has been removed from the Play Store, there is clearly a plan to release it again in another app. What that will look like is anyone’s guess.

Remember to read reviews and look for large numbers of downloads before you download an app. If you download one that repeatedly asks for permissions that it doesn’t need or asks for payment to access Google services, uninstall it immediately.  If the problem persists, perform a factory reset.

 

Sneaky apps using Touch ID in new scam – 12/05/18

 

Fitness Balance & Calories Tracker are two apps that have been removed from the Apple Store for tricking users into approving in-app purchases using Touch ID. How did they do it? Quite cleverly actually.

As part of the initial set up you are asked for a finger print scan to view your personal calorie tracker and diet recommendations.  As your fingerprint is being scanned, pop ups appear asking you to approve several payments.  Of course because you are having your fingerprint scanned, the payments are marked as approved. Very clever. You would admire the creativity if they weren’t racking up charges on your credit card.

This new attack vector gives us another thing that we need to watch out for when using apps, inappropriate use of Touch ID.  Lucky for us if you have been victimized by this scam, all you have to do is contact Apple and ask for a refund.

 

Banking malware found hiding in apps on Google Play – 11/01/18

 

Several malicious apps  pretending to be device boosters, battery managers and device cleaners have been found on Google Play.  These seemingly innocent apps contain malware and work in one of two ways.  They either function as they are expected or they display an error message claiming that that the app is incompatible with your device and it has been removed.  In  both cases, these apps contain very sophisticated banking trojans. They create phishing forms tailored to apps found on your phone. These forms appear to be legitimate login pages but are actually collecting your account information for the hackers. These nasty apps also covertly intercept and redirect text messages, bypass SMS based two factor authentication, intercept calls and download and install other malicious apps.

The good news is, if you think you have one of these apps on your phone you can easily uninstall it using the Application Manager in the Settings app. This is a good time to remind you to only download from reputable sites and to pick apps that have high numbers of downloads as well as many good reviews.

 

Adobe Flash update also installs malware – 10/17/18

 

Criminals have been disguising Adobe Flash updates as malware for a while now.  They are quite fond of compromising a legitimate website with a fake update pop up. Now there is a new twist on this old tactic.  If you choose to install the fake update it actually does update Adobe Flash. however a cryptominer comes along for the ride.

Because the software does what it says it will do, most people don’t notice what is going on in the background. This allows the malware to go undetected. It isn’t until a few days or weeks have passed and the user finally gets fed up with their slow machine that the malware is discovered.

To avoid fake software updates, remember to visit the application’s site directly for downloads or select check for updates from the software’s menu. Those popups that appear while you are browsing are often loaded with malware.

 

How to protect your Android device – 08/22/18

 

With reports about compromised or fake apps in the Google Play Store coming out every month or so, owning an Android device can be down right stressful.  While there are things you can look for to reduce the risk of downloading a nasty app, it isn’t always easy to identify them.

To help keep your Android device safe, Google Play Protect is installed on it at the factory.  However researchers have found out what millions of Android users have known for years, Google Play Protect does a terrible job.  Even with the tool pre-installed, users everywhere are still experiencing malware infections on a large scale.

So what is a user to do?  The good news is there are many excellent apps out there designed to protect your Android device from malware. Even better, many of them are free.  The more recognizable names are McAfee, AVG, Avast and Norton. However some lesser known products like Anity, Cheetah and F-secure are also excellent.  All of them out perform Google Play Protect.

If you want to keep your Android device secure, before you download an app:

  • Only download from the Google Play Store (it’s still safer than the wild web)
  • Check its reviews
  • Check the number of times it has been downloaded
  • Check to see what kind of access to your data and your device it wants
  • Download an anti-malware app before you download anything else

 

60 000 Android devices infected with malware – 06/28/18

 

The latest malicious Android app is a clever thing indeed.  So clever that it has managed to infect 60 000 devices at last count. What should you look out for? The whole process starts with a pop up that informs you that you have issues with your device.  The make and model of your device is listed in the pop up making everything look very official. It gives you the option of ignoring the issues or cleaning them up by installing an app. Thing is it doesn’t matter what you click, it takes you to a power saver app in the legitimate Google Play store.

It isn’t until you look at the permissions that the app asks for during install that things seem a bit odd.  Why would a power saver app need:

  • to read sensitive data?
  • to receive text messages?
  • to pair with Bluetooth devices?
  • full network access?
  • to modify system settings?
  • to receive data from the Internet?

If you decide to ignore the red flags and install the app anyway a few things will happen. First,  a hacker completely controls your device. Second,  a little ad-clicker bot runs in the background clicking on ads and generating revenue for the hacker while stealing your data. Third, the app actually does work by stopping processes that are using too much battery power when the battery level is low.  So it isn’t all bad. At least the app does what it says it does. It’s the bonus features that you can do without.

If you are have a pop up on your device that you cannot close or that takes you to a web page or the Google Play Store no matter what you do, restart the device. That should get rid of the pop up.  If it persists you may have to resort to a factory reset.  Either way you do not have to give a hacker control of your phone to get rid of a persistent pop up.

 

Is that app really as popular as it seems? – 06/15/18

 

 

Cyber criminals are getting wise. They have noticed that if an Android app has lots of downloads listed, the odds are pretty good that others will download it as well. They are using this phenomenon to trick people into downloading their malicious apps.

How are they doing it? When you browse the app store,  the only information that you see is the app name, app icon and the developer name. Creative criminals are taking advantage of this by entering their developer names as 100 Million Downloads, Installs 1,000,000,000 + or simply 5,000,000,000.

Criminals aren’t stopping the deception there. They are also using Verified Application or Legit Application as their developer names. Never mind that Google Play doesn’t have a developer account verification service, it looks good anyway.

This is just a reminder that when you are looking for apps to download stick to Google Play and read reviews carefully. Stay away from apps that use deceptive tactics, have few reviews or few downloads.  Happy and safe downloading!

 

 

More apps on Google Play containing malware – 05/11/18

 

Once again a bunch of apps on Google Play have been found to contain malware. The  majority of them are photo editors.  Here is the list of apps and their publishers.

Ladies World by Chenxy
Happy photos by chandrahegang
Beauty camera by bai xiongshu
S-PictureEditor by bai xiongshu
Collage maker 2018 by bai xiongshu
Gallery by bai xiongshu
Collage Maker by bai xiongshu
S Photo Plus by LiaoAny
CollagePlus by LiaoAny
Photo Studio by elaine.wei
Collage Studio by elaine.wei
Photo Studio Plus by elaine.wei
Collage Studio Pro by elaine.wei
Hot Chick by Sunshine Fun
Popular video by Phoenix bird Tech Limited
Music play by Jiangxi Huarui Network technology company
Photo collage edit by Jiangxi Huarui Network technology company
Pic collage by Jiangxi Huarui Network technology company
Super Photo Plus by kowloon
Bees collage by kowloon
Superb Photo by kowloon
Sweet Collection by TopFun Families
Pic collage by Shenzhen coronation plus Technology Co.. Ltd.
K music by Shenzhen coronation plus Technology Co.. Ltd.

If you have downloaded one of these apps, uninstall it from your phone and run a virus scan.  Although malware containing apps are found on Google Play regularly, it is still safer to download apps from there than other locations.  To reduce the risk, make sure you only download apps with a large number of positive reviews and downloads.