Multiple malicious Android applications have been spotted masquerading as some of the platform’s most popular tools, but anyone who installs the impostors could gain their device’s login credentials or other highly sensitive information.
A report from cybersecurity researchers SonicWall Capture Labs describes the observation of multiple apps posing as Google, Instagram, Snapchat, WhatsApp, Twitter, and others, usually by using icons that look nearly identical to those used by legitimate apps.
“This malware uses famous Android app icons to trick users and trick victims into installing the malicious app on their devices,” the researchers said. They did not discuss who the cybercriminals behind the campaign are, or how they are distributing these apps. An educated guess would be through fake websites, instant messaging platforms, phishing and more.
Increasing sophistication
They also did not say who the most popular targets are or where they are located. We’ve reached out to SonicWall with additional questions and will update the article as soon as we hear back from them.
Once the malware is installed on the Android device, it will first ask for Accessibility Service and Device Administrator permissions (the latter is present in older models), which should be a red flag for everyone.
But if the victim grants this permission, the app can connect to the command-and-control (C2) server to receive further commands for execution, access the contact lists, SMS messages, call logs and the list of installed device apps. . It can also send text messages; open phishing pages in web browser and turn on camera flashlight.
The best way to protect yourself from malicious Android apps is to download them only from legitimate sources, always check the ratings and user reviews, and take into account the permissions the app requests upon installation.