Cybercriminals are constantly on the attack. Their scams can turn up anywhere, even in places you expect to be safe.
That's why you really need to keep your guard up. Now, there are apps infecting gadgets with spyware that actually made it into an official app store.
Thousands of spyware apps targeting Android users
Researchers with Lookout have discovered over a thousand spyware apps that are infecting Android gadgets. They have been showing up in app stores, including a few in the Google Play Store, over the last six months.
The malicious apps belong to the "SonicSpy" family. The most recent example found in the Google Play Store was titled "Soniac." It was listed as a messaging app and has since been removed from Google Play.
After downloading one of these malicious apps, an icon that looks like the app logo appears on the victim's gadget. When this icon is clicked, the logo disappears, making it seem like the app was removed from the device.
What's actually happening is, a Remote Access Trojan (RAT) is installed. RAT malware allows a hacker to take over your gadget completely.
The scammer can copy files from your gadget and send them to its Command and Control (C&C) center, view a list of your contacts and steal all of your text messages.
Even creepier is the fact that they could activate the gadget's microphone and listen in on your conversations. They could also take pictures or screen captures without you knowing about it.
Official apps stores, like Google Play and Apple's App Store, have a screening process that typically keeps malicious apps out. That's why you should stay away from third-party app stores. It's rare when a malicious app makes its way into an official store and they are good at removing them as soon as they're discovered.
How to stay protected from malicious apps
In the never ending battle against scammers, Google is asking Android users to follow these steps:
- Opt in to Google Play Protect - It is designed to work in the background, protecting users from malicious apps in real time. Click here to learn more about it and how to opt in.
- Only download apps from the Google Play Store - Even though some malicious apps make it into the Play Store, it does have a more thorough screening process. This cuts down on the chances a malicious app makes it in. Third-party app stores don't have these screening processes.
- Keep "unknown sources" disabled while not using it.
- Make sure your gadget is updated with the most recent Android security update.
- Check the app's developer - Verifying the name of the app developer is important. Copycat apps will have a different developer's name than the actual one. Before downloading an app, do a Google search to find the original developer.
- Reviews - Most of the popular apps will have reviews by other users in the app store. You can sometimes find reviews by experts online. These are helpful at pointing out malicious or faulty apps. If you find a review warning the app is malicious, do NOT download it.
If you do think that your Android device has been infected with a virus, don't worry, we've got you covered. Click here to find out how to detect and remove a virus on your Android gadget.