Hackers mimic popular Android antivirus to infect devices with malware
Fake Kaspersky antivirus app is doing the rounds on Android
A new series of malicious Android applications have been identified, all of which appropriate familiar branding to lull potential victims into a false sense of security.
According to researchers at security firm Bitdefender, cybercriminals are distributing malware-rigged versions of various popular apps, including media player VLC, Kaspersky antivirus, and applications from FedEx and DHL.
Once installed, the fraudulent apps infect devices with either Teabot or Flubot, a pair of nasty banking trojans first discovered earlier this year.
The former strain is reportedly capable of intercepting messages and Google Authentication codes, logging keyboard strokes, performing overlay attacks and, in some cases, seizing full control of the infected device.
Flubot is not quite as complex, but is still equipped with the tools to lift banking credentials, messages and other types of private data from the device. The malware also exhibits “worm-like behavior”, spreading itself via malicious SMS messages sent out from infected devices.
Fake Android apps
Although malicious applications have been known to make their way onto Google Play Store on occasion, the majority of threats can be avoided by downloading content from reputable sources only.
This is certainly true of the threats discovered by Bitdefender, which are not hosted on Google Play and can only make their way onto an Android device via sideloading.
“Spreading malware on Android devices is not easy, as the official store can usually prevent these types of apps from reaching users,” noted Bitdefender. “But one of Android’s greatest strengths, the ability to sideload apps from non-official sources, is also a weakness.”
“Using a combination of tricks to persuade users to install apps outside of the official store, criminals spread most of their malware through sideloading.”
In the report, the researchers make clear that the malware campaign is not a reflection of the security standards of the original, legitimate apps. Cybercriminals have simply co-opted recognizable branding as a means of social engineering.
At the time of writing, the malware campaign remains active, so Android users are advised to exercise caution when downloading content from non-official sources and to shield their devices with leading security software.
Update: Kaspersky, whose Android app the campaign operators are mimicking, has since provided the following statement:
“Malware creators regularly disguise their programs as popular legitimate software, including security programs, in order to lure users into installing malicious files. Kaspersky recommends downloading applications from legitimate sources (e.g. official app stores).”
Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He’s responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.