Fake WhatsApp and Instagram apps that can steal personal data

- Android smartphone users should be increasingly alert to malware infections on their devices.

Cybercriminals are now using a combination of malware and fake popular applications to steal passwords and other sensitive data from Android users.

According to reports, hackers were seen trapping victims by distributing malware disguised as Google, Instagram, Snapchat, WhatsApp, and X/Twitter apps.

"This malware uses a well-known Android app icon to mislead users and trick victims into installing malicious applications on their devices," the threat research team at SonicWall Capture Labs said in their latest report.

Once installed on a user's mobile phone, the application contains the malware that asks the user to give permission to the accessibility service and the device administrator API, a device administration feature at the system level that is currently not used anymore.
Once access is granted, the malicious application gains control of the device, allowing the hacker to perform arbitrary actions ranging from data theft to the spread of malware without the victim's knowledge.

According to The Hacker News, this malware application is designed to connect to the command-and-control (C2) server to receive commands to be executed.

It allows hackers to access contact lists, SMS messages, call logs, lists of installed applications, send SMS, activate camera flashlights, and, worst of all, open malicious websites in the victim's browser for phishing purposes.

For phishing pages, hackers set up fake login pages very similar to those belonging to famous services like Facebook, GitHub, Instagram, LinkedIn, Microsoft, Netflix, PayPal, Proton Mail, Snapchat, Tumblr, X, WordPress, and Yahoo to trap victims.
Unwary Android users will enter their usernames and passwords on the phishing login page voluntarily. Well, this is the username and password that is then passed on to the hackers.

From there, hackers can take over the victim's online accounts and commit fraud or even identity theft if enough sensitive and personal information is contained in one service.

For example, if a hacker gets a Microsoft victim’s credentials where the victim uses OneDrive to store copies of their ID cards, passports, or even their Social Security numbers, the hackers can use the data to steal the identity of the user.

It is not clearly known how the application containing this malware spread. However, fake apps that resemble these popular apps on Android can be spread on phishing sites, via e-mail or text messages, or even may be accompanied by pirate software such as when downloading unintentional APKs on the web.
Google is said to have taken many precautions over the years to significantly reduce the likelihood of malicious applications appearing in the Play Store.

Here are some things that users should know to prevent malicious applications installed on the Android Smartphone.

- Make sure Google Play Protect is enabled because this pre-installed security app scans all existing apps and new apps you download for malware.

- Always use the app to download from the Play Store or the official site of the app. - Be careful when someone asks you to install the app through text messages, emails, or on social media. 

- Personal data theft mode could be using APK files disguised as digital wedding invitations. So, be careful when opening links from unknown people. 

-Routine performing device and security updates. -Enable two-step verification on Google accounts, social media apps, etc. to add a layer of security. If necessary, install an Android antivirus application.

(Newsline Paper Teams)

Previous Post Next Post