More than 200 Android apps masquerading as fitness, photo editing, and puzzle apps have been discovered distributing spyware called Staff to get user credentials and other valuable information.
“Similar to Joker, another mobile malware, Facestealer changes its code frequently, thus creating multiple variants,” said Trend Micro analysts Cifer Fang, Ford Quin and Zhengyu Dong. in a new report. “Since its discovery, spyware has repeatedly attacked Google Play.”
Facestealer, first recorded by Doctor Web in July 2021, refers to a group of fraudulent apps that infiltrate the official app market for Android with the goal of stealing sensitive data like login credentials. Facebook.
Out of 200 apps, 42 are VPN services, followed by cameras (20) and photo editing apps (13). In addition to collecting login information, the apps are also designed to collect Facebook cookies and personally identifiable information associated with the victim’s account.
In addition, Trend Micro revealed that it has discovered more than 40 fake crypto mining apps targeting users interested in cryptocurrencies with malware designed to trick users into viewing ads and payment for subscription services.
Some fake crypto apps, such as your own Cryptomining Coin, take it a step further by attempting to steal private keys and mnemonic phrases (or seed phrases) used to restore access to the crypto wallet.
To avoid falling victim to such scam apps, users should check for negative reviews, verify developer legitimacy, and avoid downloading apps from third-party app stores. father.
New study analyzes malicious Android apps installed in the wild
The findings come as researchers from NortonLifeLock and Boston University published what they call “the largest on-device study” of potentially harmful apps (PHAs) on Android based on 8 0.8 million PHAs installed on 11.7 million devices between 2019 and 2020.
“PHAs live on Google Play for an average of 77 days and 34 days on third-party marketplaces,” the study noted, pointing to a lag between when PHAs are identified and when they’re removed, adding 3,553 apps showing signs of moving between markets after a drop.
On top of that, research also shows that PHAs last for a much longer average time when users switch devices and automatically install apps when restoring from a backup.
Up to 14,000 PHAs are said to have been transferred to 35,500 new Samsung devices using the Samsung Smart Switch mobile app, which will stay on the phone for a period of approximately 93 days.
“The Android security model severely limits what mobile security products can do when a malicious app is detected, allowing the PHA to persist for days on the victim’s device,” the academic said. “The current warning system used by mobile security programs is not effective in convincing users to uninstall the PHA in a timely manner.”