Android users are warned about new threats
Android users are constantly warned about new threats to their devices, but 2021 could be the worst year yet. A new report from McAfee security experts has revealed the magnitude of the problem with the company saying “2021 will be a year of misinformation about malware and sneak attacks.” These new threats range from annoying adware that fills devices with endless pop-ups to more serious banking malware that can steal personal financial information and access accounts.
Google has worked hard to make the Play Store much more robust, but it seems that hackers are now using new techniques to infiltrate devices. One of the most popular ways to access smartphones is by letting Android users install apps via text or social media messages.
Unlike Apple’s iPhone, Android is a much more open platform, meaning applications can be installed from sources outside the Play Store. This makes it a prime target for hackers looking to steal data.
So if you own an Android phone, here are four of the biggest threats to watch out for this year.
Fleeceware is a growing problem that can cost Android users serious money.
Cyber thieves use a number of tricks to trick people into signing up for unwanted subscriptions and premium services that are nearly impossible to cancel. McAfee says these rogue apps often impersonate legitimate apps and can even hijack text messages to sign users in without their knowledge or consent.
A recent app that made its way to the Google Play Store racked up some 700,000 downloads before it was noticed and removed. To avoid detection, scammers often submit a clean version of the app to Google’s review process and then introduce malicious code in a later update.
Banking Malware has exploded in recent months, with McAfee Mobile Security detecting a 141 percent increase between Q3 and Q4 2020.
Most banking Trojans are distributed through mechanisms such as phishing text messages to avoid Google’s screening process. These malicious apps appear as a kind of security scanner, with names like OutProtect, PrivacyTitan, GreatVault, SecureShield, and DefenseScreen
Once activated, they pretend to scan the phone for problems, but they are simply looking for apps related to the targeted financial institutions, such as online banking. If one is found, the malware notifies the user that a popular app, such as Google Chrome, WhatsApp, or a fake PDF reader, is out of date and asks for an immediate update.
Clicking the “Update Now” button downloads additional malicious code and prompts the user to enable accessibility services, giving the app extensive control over the user’s device.
Scammers go to great lengths to gain access to devices and have sunk so low that they are using the COVID pandemic for financial gain.
With most of the world still concerned about COVID-19 and getting vaccinated, cybercriminals are targeting these fears with fake apps, text messages and social media invites.
McAfee says malware and malicious links hidden in these fakes display ads and attempt to steal banking and login details.
One of the earliest campaigns against coronavirus vaccine fraud was recorded in India in November 2020, before any vaccines were approved in the country. This operation started with text and WhatsApp messages encouraging users to download an app to apply for the vaccine. However, it was just a trick to get personal information.
Another nasty threat called Etinu has the ability to steal incoming text messages using a Notification Listener feature. Where this malware is clever is that it can read a message without activating the SMS read permission or read receipts.
This allows the app to process information in the messages without notifying the user that messages have been read.
It may use these capabilities to make purchases and sign up for premium services and subscriptions charged to the user’s account.
McAfee said of the latest threat report: “To avoid security checks, many malware authors try to distribute their apps via text messages or links on popular social media sites.
“Others write apps with minimal but legitimate functionality, add malicious code during an update when control is reduced, and then download additional encrypted packages to cover up the real malware.
“Last year, cybercriminals expanded their methods of concealing attacks and fraud, making them more difficult to identify and remove.
“Before downloading anything to your device, do some quick source and developer research. Many of these have been flagged by other users.”
“Many malicious apps get the access they need by asking the user to give them permission to use unrelated privileges and settings. When installing a new app, take a moment to read these requests and decline all requests that seem unnecessary, especially for accessibility services and access to message notifications.”
Check all Technology News here: Gaming Ideology