Google’s Android operating system outranks Apple’s iPhone by a huge percentage, and hackers feel that targeting Android will yield the most results. Several new exploits aimed at Android systems show just how pervasive the problem has become and why every Android fan needs to be vigilant.
2 Million Download Malware!
In late April, researchers at CheckPoint detected a new malware they dubbed FalseGuide in over 40 apps posted on Google Play. An estimated 2 million phone owners downloaded these fake gaming guide apps before their malignant intent was uncovered. Some of the malware-laced apps were available for six months before Google Play removed them. The toxic FalseGuide spread so far in such a short time because it targeted gamers addicted to certain games like Pokemon.Go and Mortal Kombat.
Infected Apps Just Keep Coming
Other infected apps circulating in recent months include:
- MilkyDoor: This backdoor in Android was uncovered by TrendMicro. The security company’s TrendLabs disclosed the malware just before news of FalseGuide hit. MilkyDoor was embedded in over 200 unique Android apps that had the ability to circumvent security restrictions.
- DressCode: Before MilkyDoor, there was It was a fashion dressing app that sought administrative permissions to gain device control. DressCode seemed designed to create a botnet—a network of devices that could be controlled without their owners’ knowledge.
- QuadRooter: Last summer, CheckPoint discovered vulnerabilities in 900 million Qualcomm chipsets used in Android smartphones. While patches have been developed, adoption is up to the end user. Keep your phone’s operating system updated.
- MulDrop.924: This malware disguised itself as games or gamer tools but contained a Trojan that could gather banking data while displaying ransomware warnings.
Many of these apps made it through Google Play’s cursory screening, and hundreds of thousands of users downloaded them.
Administrator Permissions Give Apps Control
The FalseGuide malware asked for administrator permissions. Admin permission requests are a large red flag signaling ill intent. If you grant access, you cannot delete the app later. Just say no! Battery extender apps, flashlight apps and other apps like game guides do not need such permissions to operate, so that’s your clue.
Don’t expect Google to alert you to these risks. They are quick to remove tainted apps once researchers report them but don’t publicize the problems. There’s no mention of these malware exploits in Google’s security blog.
If you’re an Android user who often downloads apps from sources other than Google Play, try Google’s Verify Apps feature. It won’t detect problems with apps in the Play store, however.
Your best move is to download only apps on Google Play from vendors you know and trust. Even good reviews are no guarantee that apps from other developers are trustworthy.
Learn more about securing your Android tablet or phone in our introduction to Android Security.