Android applications are always an effective tool for cybercriminals in committing bad acts.
According to a report from cybersecurity researchers of SonicWall Capture Labs, many fake Android applications are being distributed on the Google Play Store, with the ability to impersonate popular applications such as Facebook, Instagram, and Google to fool users into installing.
Once installed on the device, these applications will ask users to grant access to accessibility services and device administrator API permissions. With these powers, fake apps can control everything, such as stealing personal data, messages, contacts, call logs, installing malware without the user's knowledge. know.
Malware installed in fake apps can connect to command and control (C2) servers to access data on the device, send SMS messages, open phishing websites, turn on the flashlight camera. camera. It can even impersonate the login page of services such as Facebook, Instagram, LinkedIn, Microsoft, Netflix, PayPal... to steal user login information.
Fake login page to steal user accounts. (SOURCE: SonicWall Capture Labs)
In addition to hiding in fake applications, malware is also distributed through SMS messages and social engineering campaigns. Bad guys will fake applications related to defense and anti-virus services to lure users into installing them.
Researchers also warn of a rise in banking malware on Android. This type of software can collect sensitive information, displaying a fake overlay to trick users into providing bank account login information.
According to Kaspersky, the number of Android users attacked by banking malware has increased by 32% compared to the previous year. The majority of infections were recorded in Türkiye, Saudi Arabia, Spain, Switzerland and India.
