Fake mobile applications
Tuesday, November 22, 2022
Almost all of us have mobile gadgets: a smartphone or a tablet. Today two players completely dominate the world’s mobile device market: Google with its Android operating system, and Apple with its iOS operating system. Which one is better is a matter of eternal dispute, with an endless supply of arguments on both sides. We will only note that these systems are opposites in terms of “openness” and “closedness”, “freedom” and “strict limits”. For example, iOS is designed to work only on Apple devices, while Google's operating system runs on literally all other mobile gadgets and on many IoT devices produced by a variety of manufacturers. Another important difference is that, by default, users can only install apps from the App Store on their iOS devices. This restriction can be bypassed, but there is no guarantee that an ordinary user will be able to do this. Android, in contrast, allows users to install apps not only from its official catalogue but also from any other source. Android's versatility, combined with its popularity, inherently has an adverse effect on security. In this Anti-virus Times issue, we will talk about fake Android apps that can pose a real threat to users.
We'll acknowledge straightaway that Apple devices can also be attacked by cybercriminals. However, the "closedness" of the OS itself, as well as the fairly thorough moderation of applications uploaded to the App Store, prevents cybercriminals of all stripes from completely "running wild". Of course, iPhones can also have (and do have) vulnerabilities that are detected from time to time by both researchers and hackers. But when it comes to mass-distributed malicious applications, owners of Android devices face a much greater threat.
As we already mentioned, Android allows a user to install applications not only from official catalogues but also from any source. Installation files have the .apk extension. They can be downloaded from the Internet or received via email or messengers. The main danger is that nobody moderates such programs, so the risk of running malware on your phone increases many times over. Android's built-in protection tools are not equipped with a wide array of features. At startup, a user will only be presented with the list of permissions requested by the particular application being installed. Modified, hacked versions of legitimate programs are often distributed as APK files. One can’t say with 100% certainty whether an APK file is malicious; only a virus analysis, which is out of the question for inexperienced users, can prove this.
Often, an application can be disguised as a harmless program, but it can contain hidden features. Every month we publish virus reviews and also include information about common mobile device threats in them. Unfortunately, the official Android application catalogues can also contain advertising, unwanted and even malicious programs. Let's recall the most common of them to understand what threat they can pose to users.
Most often, malicious modules embed themselves into a variety of applications that are disguised as image editors, on-screen keyboards, system utilities, call applications, programs for replacing the background image of a home screen, and others. One of the most widespread threats in recent times is the trojan family detected by Dr.Web products as Android.HiddenAds. These malicious programs are most often distributed under the guise of useful programs or games that can be downloaded from Google Play. They are designed to show annoying ads. To make it harder for them to be detected in a system, they hide their icons in the main screen’s list of installed applications or replace them with less noticeable ones.
But even more dangerous trojan families can be found on Google Play. For example, Android.Joker trojans, which can execute arbitrary code, steal data from the phone book, intercept SMS messages, and automatically sign users up for paid premium services. This trojan family is also distributed under the guise of harmless programs – image collections, graphic editors and other utilities. There are numerous other trojan families. Some of them steal passwords and other personal information, and the rest display advertising banners, interfering with a mobile device’s normal operation.
It should be noted that such dangerous applications can actually provide the declared features while the malicious modules work covertly. This situation is doubly dangerous for the user, as a trojan can "live" in a system for a long time, performing destructive functions. For example, our virus analysts earlier found dozens of mobile games containing Android.Cynos.7.origin in the official AppGallery catalogue. The scale of the threat turned out to be truly great because, at the time of the discovery, the "infected" games had been downloaded by millions of users. When one of these games was being installed, the trojan would request permission to manage phone calls, which, unfortunately, did not worry many of the players.
In one of our issues of the Anti-virus Times, we’ve already written about permissions for Android apps. We recommend that you reread that material and always closely monitor the activity of applications, even if they are downloaded from official sources.
The Anti-virus Times recommends
- Always carefully check the names of programs downloaded from official catalogues because cybercriminals often make their fakes look like well-known applications. A subtle modification of the name, adding a year to the name or an app icon that imitates the original can be among a hacker's tricks.
- Pay attention to the date when the application was added. Fake applications are often recent uploads to the catalogue, and the real applications that the fakes are masquerading as may have been on the market for several years.
- Pay attention to the description of the program. Sometimes cybercriminals give a confusing description or a description with typos. You can come across descriptions in other languages instead of the expected ones. Also check the developer data and the contact information that has been specified.
- Check the app’s rating and reviews. Positive reviews can be artificially inflated, but even in such cases, you’ll spot authentic negative reviews.
- Once the application is installed, pay attention to its behaviour. Dangerous applications often request permissions that should not be required for the declared functionality, for example, access to special features or the ability to be displayed on top of other programs. Never grant such permissions. It is better to uninstall the program immediately and try to find the official site so that you can clarify with the developers whether the program is real or not.
- Always remember malicious modules can be contained in a variety of applications.
- Protect all your Android devices with Dr.Web anti-virus products and keep your security software up to date. The free Dr.Web anti-virus for Android reliably protects a system from common threats, and Dr.Web Security Space for Android incorporates many additional features to ensure the most reliable protection.
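
The name, upload-date and permission checks from the list above, automated as a triage pass over a catalogue listing. This is an added example, not Dr.Web code: the listing fields, the `EXPECTED` policy, the thresholds and the sample apps are assumptions constructed for illustration, while the permission strings are real Android names.

```python
import re
from datetime import date
from difflib import SequenceMatcher

P = "android.permission."
# Real Android permissions -> the abuse the article associates with them.
RISKY = {
    P + "SYSTEM_ALERT_WINDOW": "display on top of other programs",
    P + "READ_CONTACTS": "read the phone book",
    P + "RECEIVE_SMS": "intercept SMS messages",
    P + "CALL_PHONE": "manage phone calls",
}
# Assumed policy: risky permissions that a declared category legitimately needs.
EXPECTED = {"dialer": {P + "CALL_PHONE", P + "READ_CONTACTS"},
            "game": set(), "image_editor": set()}

def normalize(name):
    """'PhotoFix Editor 2022' -> 'photofixeditor' (drops an appended year and punctuation)."""
    name = re.sub(r"\b(19|20)\d{2}\b", "", name.lower())
    return re.sub(r"[^a-z0-9]", "", name)

def imitated_app(listing, known_apps, threshold=0.85):
    """Return the known app this listing's name imitates, if the developer differs."""
    for known in known_apps:
        ratio = SequenceMatcher(None, normalize(listing["name"]), normalize(known["name"])).ratio()
        if ratio >= threshold and listing["developer"] != known["developer"]:
            return known
    return None

def triage(listing, known_apps, today, recent_days=180):
    """Run the name, upload-date and permission checks; return the findings as strings."""
    findings = []
    original = imitated_app(listing, known_apps)
    if original:
        findings.append(f"name imitates '{original['name']}' from a different developer")
        if (today - listing["added"]).days <= recent_days < (today - original["added"]).days:
            findings.append("recent upload imitating a long-established app")
    allowed = EXPECTED.get(listing["category"], set())
    for perm in sorted((set(listing["permissions"]) & RISKY.keys()) - allowed):
        findings.append(f"{perm[len(P):]} lets it {RISKY[perm]}; a {listing['category']} should not need it")
    return findings

# Constructed sample data: app names, developers and dates are invented.
KNOWN = [{"name": "PhotoFix Editor", "developer": "PhotoFix Ltd", "added": date(2018, 3, 1)}]
FAKE = {"name": "PhotoFix Editor 2022", "developer": "pf-studio", "added": date(2022, 10, 30),
        "category": "image_editor", "permissions": [P + "CAMERA", P + "RECEIVE_SMS", P + "SYSTEM_ALERT_WINDOW"]}

if __name__ == "__main__":
    print("\n".join(triage(FAKE, KNOWN, today=date(2022, 11, 22))))
```

An empty result only means that none of these three heuristics fired; as the article notes, malicious modules can hide in applications that otherwise look legitimate.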