There were a number of stories last year about malicious apps, or those with massive security holes, making their way to Android phones via the Google Play store.
It seems like those high-profile stories were just the tip of the iceberg. In an announcement earlier this week, Google said that last year alone it removed 700,000 ‘bad apps’ and stopped 100,000 bad app developers from sharing their apps on the Google Play store. If the app number sounds high, it is: It’s a 70% jump from 2016.
Google classifies ‘bad apps’ as those that have inappropriate content (like pornography), install malware on target operating systems or steal data, or are copycats of other legitimate apps.
Last August, Google rolled out Google Play Protect to stop the ever-increasing number of malicious apps from popping up in Play. Play Protect uses machine learning to continuously figure out what kinds of behaviors bad apps adopt, to try and spot them in the wild.
We reported on a number of the bad apps in the Android ecosystem last year. Some of them installed malware with malicious, persistent pop-up ads; other apps used malware like SonicSpy to steal private data from their users; others went even further and behaved like ransomware on the phone, holding data hostage. These apps often impersonated legitimate, popular apps like WhatsApp and Pokemon GO to convince unwitting users to download and install them, which is why copycat apps aren’t just an intellectual property issue.
What to do?
Stick to Google Play. In the post, Google writes that 99% of apps with abusive content were discovered and removed before anyone even downloaded them. Although that still leaves 7,000 bad apps that got through last year, it’s still safer to download apps from the Google Play store than to go rogue and download apps elsewhere online. Many alternative markets are little more than a free-for-all where app creators can upload anything they want, and frequently do.
Consider using an Android anti-virus. By blocking the install of malicious and unwanted apps, you’ll be protected even if something slips through the cracks and into the Play store.
Avoid apps with a low reputation. If no one knows anything about a new app yet, don’t install it on a work phone, because your IT department won’t thank you if something goes wrong.
Patch early, patch often. When buying a new phone model, check the vendor’s attitude to updates and the speed at which patches arrive. Why not put “faster, more effective patching” on your list of desirable features?
This email, which purports to be from DHL Express, is supposedly a pre-arrival notification for a parcel that has been delivered to your local post office. The email instructs you to click a link to download and print a receipt that you can submit when picking up the parcel. However, the email is not from DHL and clicking the link does not download a parcel delivery receipt. Instead, the link opens a website that harbours malware. Once on the bogus website, you will be instructed to click a “download” button. If you do so, malware may be delivered to your computer. The exact nature of this malware may vary.
This type of attack is often used to distribute ransomware. Once installed, ransomware can lock all the files on your computer and then demand that you pay a fee to online criminals to receive an unlock code. In other cases, the malware may be designed to steal sensitive information such as banking passwords from the infected computer. In recent years, fake parcel delivery notification emails have been repeatedly used by criminals to distribute various types of malware. Be cautious of any email that claims that you must click a link or open an attached file to view details about a supposed parcel delivery.
An example of the malware email:
From: DHL EXPRESS
Subject: Parcel arrival notification
Hi [email address],
This is a pre-arrival notification of your parcel to our local post office
Kindly Print/Download your DHL-AWD reciept to be submitted during pick-up.
Print/Download DHL-AWD reciept here
Kindly endeavour to be accurate as possible to reduce time of clearance and recipient confirmation.
Please add our email to your contact to guarantee inbox delivery. | 2018 DHL Express | Customer Service |
A variant of the Marcher banking trojan is targeting Android users by masquerading as a mobile Adobe Flash Player app.
This version of the malware arrives via popcash[dot]net, an advertising network which is known to serve “popunder” ads that display behind a main browser window so that the user sees them when they try to exit.
The ads drop malware payloads that pose as Adobe Flash Player. If a user clicks on the dropper URL, they see a message warning them that their Flash Player is out of date.
The dropper also loads the malware “Adobe_Flash_2016.apk” onto the user’s device, a program which then guides the user to disable security features and allow app installations from unknown sources.
Successful installation prompts the malware to conceal its icon from the home screen, to register the infected device with its command-and-control (C&C) server, and to send important information about the infected device including a list of installed apps to its server.
A new variant of known malware Petya is believed to be behind the chaos, which initially hit Ukraine, before spreading to companies in a number of other countries, including the UK.
“However, it’s not just big businesses that are under threat. Consumers are also at risk and should be wary if they are running operating systems that are vulnerable to the exploit, in other words if you have not patched,” Raj Samani, chief scientist & fellow at McAfee, told the Independent.
You may well be one of the millions of internet users who received a dangerous email offering to share a Google Docs file with you.
If you made the mistake of clicking on the link, you could start a process that could potentially result in your email archive and contact lists being slurped up by strangers and the same dangerous message being forwarded to everyone in your address book.
Malicious emails that claim to have a confirmation letter enclosed are currently being distributed by online criminals. The emails have the subject line “uk_confirmation_ph” followed by a string of random numbers and a PDF file extension. The .pdf extension is apparently a way of tricking unwary recipients into believing that the attached file is a harmless PDF. However, the attachment is actually a .zip file that, if opened, reveals a .exe file. The .exe file also has the name “uk_confirmation_ph (random numbers)”.
If you click this .exe file, various types of malware may be installed on your computer. Details such as the subject and supposed sender address may vary in different versions of the malware emails.
If you receive one of these emails, do not open any attachments that it contains and do not click any links.
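A mail filter can catch the mismatch described above by comparing an attachment's claimed extension with its leading bytes and by listing what a zip archive contains. The following is an added example, not code from the original article; the function names, the list of executable extensions and the sample attachment (with zeros standing in for the random numbers) are constructed for illustration.

```python
import io
import zipfile

# Leading bytes ("magic numbers") of the formats involved.
MAGIC = {"pdf": b"%PDF-", "zip": b"PK\x03\x04", "exe": b"MZ"}
# Assumed list of extensions to treat as executable content.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".js", ".vbs")


def sniff(data):
    """Return the format name whose magic matches the data, or None."""
    for name, magic in MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def inspect_attachment(filename, data):
    """Return a list of findings for one e-mail attachment."""
    findings = []
    claimed = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    actual = sniff(data)
    # A known extension whose content is some other format is suspicious.
    if claimed in MAGIC and actual != claimed:
        findings.append(f"extension .{claimed} but content is {actual or 'unknown'}")
    # Look inside archives without extracting anything to disk.
    if actual == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for member in archive.namelist():
                    if member.lower().endswith(EXECUTABLE_EXTS):
                        findings.append(f"archive contains executable: {member}")
        except zipfile.BadZipFile:
            findings.append("zip header present but archive is unreadable")
    return findings


def build_sample():
    """Constructed sample: a zip holding a dummy .exe, to be named *.pdf."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("uk_confirmation_ph 0000000.exe", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_attachment("uk_confirmation_ph0000000.pdf", build_sample()):
        print(finding)
```

A genuine PDF passes with no findings, while the constructed sample is flagged both for the extension mismatch and for the executable inside the archive.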
If there’s one day of the year when everyone has their guard up, it’s April Fool’s Day. After all, who can put their hand up and say that they have never been duped by an April Fool’s trick? Some of the classic April Fool’s stunts have gone down in history, such as the BBC’s news report from 1957 showing the annual spaghetti harvest in Switzerland.
Simpler times, you say? Well, 50 years later the BBC pulled a similar stunt – getting Monty Python’s Terry Jones to star in a short documentary revealing the phenomenon of flying penguins. And, like the spaghetti hanging from the branches of trees in southern Switzerland, some people believed it. They believed it because the BBC is a trusted source of information. If some nutter had sat next to you on the bus and tried to convince you that penguins could fly or that you could send a Gmail by making the motion of licking a stamp you probably wouldn’t believe them.
A compelling and potentially very successful email spam campaign is being leveraged against UK residents, warns Sophos researcher Paul Ducklin.
Needless to say, users would do well to ignore these emails. Some could (understandably) be worried about the fact that someone out there has much personal info about them, but if they are, it’s best to involve local law enforcement and ask for advice.
iPhones are known for their strong security; any time rival fanboys have an argument about whether iPhones or Android smartphones are better, the superior security of the iOS platform is bound to come up. (To be fair, Android phones are pretty secure too.)
iOS malware is rare but not unknown. Here’s how to check an iPhone or iPad for viruses and wipe it clean
The latest trends in wireless fitness trackers, smartwatches and Smart TVs have opened up new ways for criminals to hack into your personal data and hold you to ransom, warn cyber security experts.
Think about all the everyday objects you have that are connected to the internet and hold your personal data, information about you, photos and contacts. Hackers are to those devices as bees are to honey – they’re attracted to your devices because even if the information held is not valuable to them, it’ll be valuable to you. This is where ransomware comes in….