According to Bitdefender, a cybersecurity company, fake versions of popular apps were used to spread malware on Android. Criminals actually spread most of their malware through sideloading.
As most of you know, Android allows you to sideload apps, you don’t have to install them via the Play Store. That is contrary to Apple, and one of Android’s biggest strengths, many would say. Well, it turns out that’s a weakness too, if you’re not careful.
Fake apps have been spreading malware, masking themselves as popular applications
The TeaBot and Flubot are the newest trojans, spotted early this year. Bitdefender spotted a batch of new malicious Android applications that impersonate real ones, and they’re usually doing that for rather popular apps.
The company found five such apps that were containing the TeaBot trojan, and at least one of them has been installed over 50 million times. Those apps use fake ad blocker apps to spread around malware.
Those apps will ask your permission to display over other apps, show notifications, and install apps outside of the Play Store. Once they do that, icons for such apps remain hidden from the app drawer.
TeaBot can do some serious damage, so be extra careful. It can “overlay attacks via Android Accessibility Services, intercept messages, perform various keylogging activities, steal Google Authentication codes, and even take full remote control of Android devices.”
On the flip side is Flubot. This malware is spread through SMS spam. Flubot steals banking, contact, SMS, and other types of private data from infected devices. It can send an SMS with content provided by the CnC.
Stick to the Google Play Store when installing apps, or be extra careful
Flubot usually imitates shipping apps like DHL Express Mobile, Fedex, and Correos. Bitdefender suggests that you stick to the Play Store when installing apps, in order to avoid such problems.
If you take a look at the image / table below, you’ll see a comparison between fake and real apps. Some of the examples include PlutoTV, Kaspersky Antivirus, and VLC.