Phishing Goes Mobile: New Android Malware Hits Google Play

Sometimes, things just aren’t as they seem to be. For example, last year, Google Play hosted a round of mobile games that were, in actuality, malicious applications. A lot of victims downloaded those supposed games and had their security compromised. It’s a familiar, and often repurposed attack. It’s also becoming increasingly common on mobile platforms, most recently surfacing through new Android malware.

That’s right: cybercriminals are adapting phishing attacks — attacks that trick users into giving up personal or sensitive information by posing as a trusted service — to the mobile world. They’re doing so by developing and publishing faux applications and updates that closely mimic trusted services, even if those services don’t normally have a mobile presence.

In particular, we’re seeing two types of attacks: one that comes in the form of downloadable applications and another in the form of corrupt “software updates” pushed onto victims if the right conditions are met. The former’s malicious applications are so convincing in appearance that they bypass Google’s vetting system for sifting legitimate from malicious apps. Conversely, the latter chooses to piggyback on the legitimacy of an authority — in this case, Google’s authority over the Chrome mobile browser — in order to convince victims to download a malicious update package.

So how are these attacks slipping through the cracks? Each style of attack has its own answer. In the threat involving disguised malicious apps, for example, the apps don’t actually do anything malicious on their own. Instead, they refer victims to well-crafted, lookalike login pages of banking and payment websites in order to collect credentials. The threat involving corrupt updates, as BGR reports, prey on victims who’ve disabled default security, posing as official app updates on phony sites. This threat also disables any existing security software on a victim’s device.

These are both scary, skillful ways cybercriminals can dodge malware detection while taking advantage of the trusted names used by banks, app stores and major software companies.

While the malicious applications in question are targeting people who use digital banking and payments services for cryptocurrency like Bitcoin, any mobile user could face these threats. This type of attack could easily be repurposed for other applications and, potentially, deliver greater damage.

So how can you make sure the applications you want to download are legitimate? Here are a few tips:

  • Investigate developer credentials. Google Play is Android’s default app store. It’s also the safest store for Android devices. Still, some malicious apps get through. If you’re going to download an app, read the reviews and check the developer’s credentials at the bottom of the app’s page in the store.
  • Don’t turn off default security settings. Some malicious activities can bypass virus detectors and app stores if a user modifies a device’s default security settings. Jailbreaking and rooting—technical activities that bypass default security settings to customize devices—can add functionality, but at the cost of your security. It’s not a trade worth making.
  • Use a reliable, mobile security solution. Installing a comprehensive security solution like McAfee Mobile Security can keep your device secure from any cybercriminal’s malicious ploys—whether you use iOS or Android.
Introducing McAfee+

Identity theft protection and privacy for your digital life

FacebookLinkedInTwitterEmailCopy Link

Stay Updated

Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.


More from Mobile Security

Back to top