To install apps on your mobile phone, whether Android or iOS, you should go through official channels. Google has the Play Store, and Apple’s equivalent is the App Store. They should be the main places where you search for apps.
There is a perceived sense of security when browsing official app stores. Most people assume that apps are checked for malware or malicious code. It is (in theory) the safest and most secure way to get applications on your phone.
But Android lets you install apps through third-party providers, bypassing the Google Play Store. Through this method, cybercriminals have been targeting victims with a new kind of malware.
Here’s the backstory
The hardest part for any cybercriminal is getting potential victims to download malicious software. Some try to hook you with new or unknown apps, but others are shamelessly ripping off well-known brands.
Bitdefender has discovered a new malware campaign in which cybercriminals develop spoofed versions of real apps. When installed on mobile devices, these apps can steal your personal data and sensitive information.
At least five apps were discovered that mimic their real-life counterparts, and they are packed with the highly infectious TeaBot banking trojan. With this trojan, also known as Anatsa malware, hackers can take complete control of an infected device in some cases.
What to look out for
The malicious apps copy the name and logo of other popular applications but provide no functionality other than spreading malware.
According to Bitdefender, here is a list of the real apps along with spoofed versions:
- Real app: Uplift: Health and Wellness App. Spoofed version: Uplift: Health and Wellness App. (Notice these are identical.)
- Real app: Bookmate: Read Books & Listen to Audiobooks. Spoofed version: BookReader.
- Real app: Pluto TV – It’s Free TV. Spoofed version: PlutoTV.
- Real app: Kaspersky Antivirus: Security, Virus Cleaner. Spoofed version: Kaspersky: Free Antivirus.
- Real app: VLC for Android. Spoofed version: VLC MediaPlayer.
Bitdefender added: “From time to time, the fake apps will show out-of-context ads and will eventually download and attempt to install Teabot, as instructed by the CnC.”
What you can do about it
The most important takeaway from this is that you should only download apps from official app stores. Side-loading or installing from third-party providers leaves you vulnerable to malware, putting your phone and data at risk.
Another way to stay protected is to have antivirus software that you can trust on your devices. We recommend our sponsor, TotalAV.