Phishing Goes Mobile: New Android Malware Hits Google Play

By Gary Davis on May 06, 2016

Sometimes, things just aren’t as they seem to be. For example, last year, Google Play hosted a round of mobile games that were, in actuality, malicious applications. A lot of victims downloaded those supposed games and had their security compromised. It’s a familiar, and often repurposed, attack. It’s also becoming increasingly common on mobile platforms, most recently surfacing through new Android malware.

That’s right: cybercriminals are adapting phishing attacks — attacks that trick users into giving up personal or sensitive information by posing as a trusted service — to the mobile world. They’re doing so by developing and publishing faux applications and updates that closely mimic trusted services, even if those services don’t normally have a mobile presence.

In particular, we’re seeing two types of attacks: one that comes in the form of downloadable applications and another in the form of corrupt “software updates” pushed onto victims if the right conditions are met. The former’s malicious applications are so convincing in appearance that they bypass Google’s vetting system for sifting legitimate from malicious apps. Conversely, the latter chooses to piggyback on the legitimacy of an authority — in this case, Google’s authority over the Chrome mobile browser — in order to convince victims to download a malicious update package.

So how are these attacks slipping through the cracks? Each style of attack has its own answer. In the threat involving disguised malicious apps, for example, the apps don’t actually do anything malicious on their own. Instead, they refer victims to well-crafted, lookalike login pages of banking and payment websites in order to collect credentials. The threat involving corrupt updates, as BGR reports, preys on victims who’ve disabled default security, posing as official app updates on phony sites. This threat also disables any existing security software on a victim’s device.

These are both scary, skillful ways cybercriminals can dodge malware detection while taking advantage of the trusted names used by banks, app stores and major software companies.

While the malicious applications in question are targeting people who use digital banking and payments services for cryptocurrency like Bitcoin, any mobile user could face these threats. This type of attack could easily be repurposed for other applications and, potentially, deliver greater damage.

So how can you make sure the applications you want to download are legitimate? Here are a few tips:

  • Investigate developer credentials. Google Play is Android’s default app store. It’s also the safest store for Android devices. Still, some malicious apps get through. If you’re going to download an app, read the reviews and check the developer’s credentials at the bottom of the app’s page in the store.
  • Don’t turn off default security settings. Some malicious activities can bypass virus detectors and app stores if a user modifies a device’s default security settings. Jailbreaking and rooting—technical activities that bypass default security settings to customize devices—can add functionality, but at the cost of your security. It’s not a trade worth making.
  • Use a reliable mobile security solution. Installing a comprehensive security solution like McAfee Mobile Security can keep your device secure from any cybercriminal’s malicious ploys—whether you use iOS or Android.


About the Author

Gary Davis

Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. He is a sought-after speaker on trends in digital ...
