A new malware threat has been discovered lurking in the depths of Google’s Play Store – and this time it’s coming for your banking details. Here’s what you need to know.
Researchers at Lookout, a mobile cybersecurity company, found a number of Android apps on the Google Play Store had been exploited by a vulnerability called Strandhogg.
The vulnerability allows hackers to pop an overlay over common apps in order to capture information entered. The affected apps could pretend to be your bank app, for example, and when you enter your banking details, it would capture your login credentials and use them to access your bank account. Lookout found 36 apps had been exploiting the vulnerability but did not name which ones specifically.
The vulnerability, and the malicious apps, have been reported to Google but the report explains they’ve found tangible evidence that the exploitation may have affected a number of users already.
Is it time to dispose of my Android device?
Before you calmly walk to the bin and dump your hot malware-ridden device in it, there’s no need to be rash. While the researchers said it was not easy to tell whether your device had been affected, it did point to some key indications.
The following signs could indicate an app is affected:
- An app or service that you’re already logged into is asking for a login.
- Permission popups that does not contain an app name.
- Permissions asked from an app that shouldn’t require or need the permissions it asks for. For example, a calculator app asking for GPS permission.
- Typos and mistakes in the user interface.
- Buttons and links in the user interface that does nothing when clicked on.
- Back button does not work like expected.
As always, the best advice is prevention and being informed. It’s best to only use trusted apps and check who the supplier is when downloading them from the Play Store. If there are typos or incorrect branding, it may not be the app you think you’re downloading. Being mindful of what information you enter into an app is also important to be vigilant of. Unless it’s your trusted banking app, it’s probably not wise to chuck your details in anywhere.
While it certainly seems like a case of the Boy Who Cried Wolf, the constant stream of Android security alerts should never be dismissed lightly; especially when they come from cybersecurity professionals. Until the next malware alert, stay safe out there.
Remove This Android Keyboard Malware ASAP
I’ll hand it to malware creators; they’re certainly creative. Unfortunately, if you were one of the 10+ million downloads or 40+ million users of the Android app ai.type (which is also available on Apple’s App Store), you just dropped some pretty unpleasant malware on your device—malware that wants to go on an automatic spending spree.
[Via Ars Technica]