#apps #urgently #uninstall #smartphone #Geeko
Doctor Web antivirus has published its report for the month of May 2022. It warns of numerous new threats present on Google Play.
The cybercriminal activities targeted by the report distribute their Trojans through the Google Play Store. And this often under the guise of games and various programs. For example, horoscopes, photo editors, utilities, etc. Thus, all the applications described in this article “Downloaded fraudulent websites where attackers attempted to steal personal information and money from potential victims”warns Doctor Web. The list of applications to urgently remove is at the end of the article.
the three tendencies
The report highlights three trends. First of all, notice the decreased activity of the Trojan. Android.Spy.4498, that exclusively attacks devices running Android. Its mission is to steal the content of notifications from other apps. To do this, it also downloads and prompts users to install other applications and is capable of displaying various dialog boxes.
“Known versions of Android.Spy.4498 are bundled with some unofficial WhatsApp messaging mods, such as GBWhatsApp, OBWhatsApp, WhatsApp Plus, etc.”says the report. Attackers typically spread these modifications through malicious websites.
Good news, the second trend concerns the decrease in advertising Trojan activity. In most cases, these are advertising banners capable of triggering automatic downloads of malicious programs. On the other hand, Doctor Web warns in parallel about the appearance of new malicious applications.
Two evil families
Throughout April, Doctor Web analysts detected new malicious apps on Google Play. And more particularly, the Trojan horses of the family Android.Joker. The latter are capable of downloading and executing arbitrary code, as well as subscribing users to paid mobile services. “One of them was hidden behind the Purple Live Wallpaper ‘live’ wallpaper app, the other behind the QR Code Reader recognition program”says the report.
But that is not all. Analysts have also reported the proliferation of new Trojans from the family Android.FakeApp. The attackers presented them as applications intended to receive state aid by hiding them in programs titled “How to get compensation from the Russian Federation”, “Payments for citizens 2022” and “FRSP payments”. The researchers named them Android.FakeApp.930, Android.FakeApp.931 Y Android.FakeApp.933.
Seven apps to remove
Below is the list of apps to ban.
- magnifying glass flashlight : The application hides an advertising Trojan. It displays video ads and banners that download malicious programs.
- wild and exotic animals wallpaper : The application changes its icon to try to be invisible to the user and changes its name to “SIM Tool Kit”. The SIM toolkit, also called “SIM Application Toolkit”, or “SIM Toolkit” allows the phone user to access the services provided by the mobile operator. Obviously, it is a set of applications installed on a SIM card, which allow you to activate certain functions desired by mobile operators. To accomplish its attack, Wild & Exotic Animal Wallpaper app asks the user for permission to be removed from the list of disabled apps for battery saving. The ads are then regularly displayed on the device screen, even if the user has not used the app for a long time. Wild and exotic animals wallpaper has been downloaded over a million times.
These two apps camouflage themselves by removing their icon from the list of installed apps and disappearing from the home screen.
- PIP Camera 2022 : This camera app contains a virus. The report has over 50,000 downloads.
- PIP Pic Camera Photo Editor : This is an image editor. At the moment, the application is also still available on the Play Store and has registered more than one million downloads.
- Camera photo editor and light exposure photo editor : The image editing app duo no longer appears in the Store.
- Zodi Horoscope – Fortune Seeker : This horoscope app has 500,000 downloads. It is still available on the Google Play Store and contains a virus.
The mission of these last five malicious apps is to steal the victim’s Facebook login credentials.
Follow Geeko on Facebook, YouTube and Instagram so you don’t miss any news, tests and tips.