
Google is cracking down on sideloading. Unless they go through a number of painful extra steps, users will only be able to install apps from verified developers. Now a new warning has just highlighted why this is being done and why it’s so critical.

Google has now taken action against a raft of malicious apps exploiting its ecosystem and cloud services to attack phones. These app and account “takedowns help reduce active abuse,” Zimperium says in a new report. But it’s an ongoing game of whack-a-mole that “underscores why detection and prevention at the device level remain critical.” That plays into Google’s latest innovations around on-device app screening.


The new campaign replicates popular apps “such as Google, YouTube, WhatsApp, Instagram, Facebook and TikTok,” Zimperium warns, “to trick users into downloading the malicious software and granting it extensive permissions.” You must beware of all these new replica apps. Do not be tricked into installing any of them.

The apps are distributed “via Telegram, Discord, and MediaFire links, as well as similar channels, while impersonating dozens of popular brands.” Watch out for APKs that carry popular brand names and are “presented as ‘mod’ or ‘pro’ versions of legitimate apps, so victims believe they are getting enhanced or premium functionality.”

Figure: Brands impersonated in new attacks (source: Zimperium).

If you fall for the lure, you’ll install the Arsink Remote Access Trojan (RAT) on your phone. This grants hackers control over much of your device. That includes recording audio through your phone’s microphone, harvesting messages, contacts and account details, stealing photos and other files, making calls, even wiping the device.

The attack is stealthy and persistent. The RAT “hides its launcher icon to reduce detection by casual users, launches a foreground service that keeps running despite task killers and displays a persistent notification to prevent the service from being terminated.” It also maintains a connection to its handlers.
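One way to triage a sideloaded APK for the traits described above, as an added example that is not from the article or from Zimperium's report. It assumes the manifest has already been decoded to text XML with a literal app label; the official package IDs, the `triage` function, its threshold and the sample manifest are illustrative assumptions.

```python
import re
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Official package IDs for the brands the article names (assumed list, verify before use).
OFFICIAL = {
    "google": {"com.google.android.googlequicksearchbox"},
    "youtube": {"com.google.android.youtube"},
    "whatsapp": {"com.whatsapp"},
    "instagram": {"com.instagram.android"},
    "facebook": {"com.facebook.katana"},
    "tiktok": {"com.zhiliaoapp.musically", "com.ss.android.ugc.trill"},
}
# Permissions matching the described capabilities: audio, messages, contacts, accounts, files, calls.
RISKY = {"RECORD_AUDIO", "READ_SMS", "READ_CONTACTS", "GET_ACCOUNTS",
         "READ_EXTERNAL_STORAGE", "CALL_PHONE"}
# Constructed sample manifest (not taken from any real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.app">
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <application android:label="WhatsApp Pro">
    <service android:name=".SyncService"/>
  </application>
</manifest>"""

def triage(manifest_xml, min_risky=4):
    """Return a list of human-readable findings for a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    app = root.find("application")
    label = (app.get(ANDROID + "label", "") if app is not None else "").lower()
    perms = {p.get(ANDROID + "name", "").rsplit(".", 1)[-1]
             for p in root.iter("uses-permission")}
    findings = []
    for brand, ids in OFFICIAL.items():
        if re.search(rf"\b{brand}\b", label) and package not in ids:
            findings.append(f"label uses brand '{brand}' but package is {package}")
    if re.search(r"\b(mod|pro)\b", label):
        findings.append("label advertises a 'mod' or 'pro' build")
    hits = sorted(perms & RISKY)
    if len(hits) >= min_risky:
        findings.append("broad data-access permissions: " + ", ".join(hits))
    if "FOREGROUND_SERVICE" in perms and root.find(".//service") is not None:
        findings.append("declares a foreground service")
    return findings
```

An empty result does not prove an app is legitimate, because a sideloaded APK can copy an official package ID; the signing certificate still has to be compared with the store version. Other apps from the same brands would need their own package IDs added to avoid false positives.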


The campaign has already hit multiple countries and claimed tens of thousands of victims, and it will now evolve. “The Arsink operation has a truly global footprint, as it is not confined to any specific geographic area. From the analysis of victim telemetry and publicly accessible C2 dumps, we identified ≈45,000 unique infected IP addresses spanning some 143 countries across the Middle East, Asia, Africa, Europe, and the Americas.”

The advice is simple. You must not install popular apps or variants of popular apps via messengers, online forums or direct links. Use only the Play Store or other official stores. If you see a “mod” or “pro” version of a popular app, do not fall for the trap. Google says this RAT is not currently infecting Play Store apps and that Play Protect will safeguard users when it is turned on. Make sure it’s enabled and do not pause its protection to install apps.