Warning: Smartphone malware can steal passwords, banking info from 226 apps

Warning: Smartphone malware can steal passwords, banking info from 226 apps
© Thodonal | Dreamstime.com

Despite a common misconception, smartphone users aren’t immune to malware. Mobile malware exists, and once it’s on your system, it can steal passwords, drain bank accounts and scan your phone for personal data.

Fortunately, security researchers are constantly on the hunt for mobile malware. With so many people using their phones as their main device, stamping out mobile malware is a huge priority. Tap or click here to see how to protect your phone from malware.

Unfortunately for Android users, Google’s mobile OS receives the brunt of mobile malware. But a new strain of banking Trojan discovered this year might just put previous Android malware to shame. Cybercriminals can actually rent this malware as a service and use it to attack more than 200 different apps. Here’s what we know.

Alien invasion

If you thought previous keyloggers and spyware were bad, they’ve got nothing on the newly discovered Alien Trojan. First reported by ThreatFabric, Alien is a kind of malware-as-a-service that’s been circulating on hacker forums since at least January of this year.

Researchers claim that Alien is advanced enough to steal credentials from 226 different applications — many of them are bank and financial software. And since it’s offered as a service by its creators, any cybercriminal willing to pay can rent it out to commit cyberattacks.

Here’s a small sample of some of Alien’s most dangerous features:

  • Alien can create realistic-looking login screens that capture usernames and passwords. It’s also advanced enough to place these fake logins on top of real apps when victims open them.
  • It can send, forward and harvest texts from victims.
  • Alien can track all keyboard activity and report it back to its creators or customers.
  • Alien can install and start other apps — including other malware.
  • The Trojan can steal two-factor authentication codes to break into accounts
  • It can lock your entire phone up and demand a ransom.

It’s bad enough that this malware exists, but the fact that cybercriminals can rent it any time they want makes it even worse.

Tap or click here to see why the FBI is urgently warning people about banking trojans.

What can I do to protect my phone from Alien?

First, some good news: Right now, Alien has not been detected in any Google Play apps. Instead, the only examples have been found on phishing sites and third-party app stores.

For those who don’t know, third-party app stores contain programs that aren’t approved by Google. This means they can be full of malware. Tap or click here to see more malware you can find on third-party app stores.

That said, it’s only a matter of time before some hacker figures out how to sneak Alien into a normal-looking app that makes its way onto Google Play. If you want to stay safe, here are some tips that can help keep malware off your Android:

  • Avoid visiting any app stores besides Google Play.
  • When downloading apps from Google Play, try to stick to well-known software as much as possible. If you want to download something new or unfamiliar, read reviews carefully to make sure it’s not a scam.
  • Avoid clicking links or attachments sent to you by email or text. This can lead you to phishing sites that host malware like the Alien Trojan.
  • If someone you know sends you an email or text with a link, check with them to make sure they really sent it.

Let’s keep our fingers crossed that Alien never gets a chance to invade Google Play. It has enough malware problems as it is!

Tap or click here to see the most recent batch of malware found on Google Play.

Tags: Android, cybercriminals, Google, Google Play, keyloggers, malware, phishing sites, security, security researchers, smartphones, spyware, Third-party app stores