Multiple malicious Android applications have been spotted masquerading as some of the platform’s most popular tools, but anyone installing the imposters might get their login credentials or other, very sensitive information stolen from their device.
A report from cybersecurity researchers SonicWall Capture Labs described observing multiple apps pretending to be Google, Instagram, Snapchat, WhatsApp, Twitter, and others, mostly by using icons that look almost identical to the ones used by legitimate apps.
“This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their devices,” the researchers said. They did not discuss who the cybercriminals behind the campaign are, or how they go about distributing these apps. An educated guess would be through fake websites, instant messaging platforms, phishing, and more.
Increasing sophistication
They also didn’t say who the most popular targets are, or where they are located. We have reached out to SonicWall with additional questions and will update the article when we hear back from them.
Once the malware is installed on the Android device, it will first ask for Accessibility Service and Device Admin Permission permissions (the latter is present in older models), which should be enough of a red flag for anyone.
Still, if the victim grants these permissions, the app can then connect to its command-and-control (C2) server to receive further commands for execution, access the device’s contact lists, SMS messages, call logs, and the list of installed apps. It can also send SMS messages; open phishing pages on the web browser, and toggle the camera flashlight.
The best way to protect against malicious Android apps is to only download them from legitimate sources, always double-check the ratings and user reviews, and be mindful of the permissions the app is requesting upon installation.