Android users should be especially careful: a new malware is being released via Google Play Store. It is called "Facestealer”, and can steal personal information stored on your phone, steal passwords access of social media and bombard you with intrusive ads.
Security researchers from Doctor Web Anti-Virus They first discovered Facestealer hiding in 10 Android apps in July 2021, but the latest batch of downloads includes 200 malicious apps, almost all available in the Google Play Store and other third-party stores.
The problematic applications were usually:
Fake VPN services
Photo and camera editing applications
and - not surprisingly - cryptocurrency-related applications.
The 200 apps have now been removed from Google Play. However, many of these applications managed to collect thousands of downloads within the few weeks that were available. Of course, users do not knowingly download malware - such applications often look normal and can even fool Google.
Although Google Play has malware protection and scans all applications that are running on the service, malware developers have come up with very sophisticated ways to hide their intentions.
So even though Google scans look for malicious code there is code that is not malicious but gives commands for λήψη of the malicious payload after installing the application from an external server.
This means that these methods of infection could take weeks to complete. It's a major flaw in the security measures of Google and Android and it is not something that can be fixed immediately at least.
So since it seems impossible to avoid malware on Android you should be careful what you download.
How to Avoid Malware on Android
A malicious application:
- It demands too many rights. A VPN for example does not need access to your camera.
- Requires "additional software" installations or tries to download additional applications.
- Sends you spam with ads.
- He suddenly asks for payment information to continue using free features
- It is an obvious code copy of other popular applications.
- Available only in makeshift or unknown third-party stores.
Obviously, with the above you will not discover every fake app, so you should check the reviews. And I mean really read all the reviews. Don't just check the app's star rating or top-rated reviews. If you notice a bunch of 1-star reviews pointing out various malicious behavior and a lot of 5-star reviews that don't contain much information, then the app is probably fake.
Of course if you have any doubts, do not download it. If you download something that later turns out to be a scam, delete it, and leave a review to warn others. You should also report the application to Google.