Google’s Play Store is home to millions of applications. As the number of Android-based phones continues to grow, cybercriminals have begun to target the app store with a variety of malicious tools such as malware and adware. Unfortunately, these malicious apps make their way to the Play Store and are usually detected once they have already been downloaded thousands or millions of times.
According to a new report by Upstream, the number of apps identified as malicious has doubled in the first quarter of 2020, compared to the first quarter of 2019. Smartphone users need to check the authenticity of an app before downloading. Be vary of applications that seem intrusive and seek unnecessary permission.
A quick search on Play Store for a popular app will show a long list of apps that have a similar thumbnail, reference screenshots for in-app UI, and even name. In the recent past, we have seen fake Aarogya Setu apps swamping the app store. Another important thing user should avoid is trying to download additional apps that claim to enhance an existing app.
Ideally, Google should have never allowed these apps to get published on the app store. The company does have a stringent policy for malicious apps. It is not effective. Meanwhile, you can look at this list of apps that can harm your privacy.
This was the most notorious app in 2020. With downloads over 40 million times, Snaptube was caught making millions of suspicious transactions without users’ knowledge. Developed by a China-based company called Mobiuspace, the app allowed users to download videos and audios from sites such as YouTube and Facebook.
“It delivered invisible ads, generating non-human clicks and purchases while reporting them as real views, clicks and conversions to the advertising networks that served them. These ads were hidden from users,” Upstream Systems wrote in its report.
Fake WhatsApp apps
WhatsApp is the most popular instant messaging app in the world. This also makes it a hot target for cybercriminals. Several fake WhatsApp apps make extraordinary claims. A quick search on Play Store reveals many apps that claim to help you download status, bring new text styles, or add a layer of lock to the app. All these apps have green WhatsApp logo-inspired thumbnail giving an impression they are legit.
Fake Aarogya Setu app
Aarogya Setu, India’s official contact-tracing application, has over 12 crore users. Just recently, Himachal Pradesh Police warned about the fake Aarogya Setu apps. Police said fraudsters have devices malicious links on the fake name of the app and are being shared through apps like WhatsApp. It pointed out that fraudsters are trying to inject virus by installing mischievous links like “face.Apk, imo.Apk, normal.Apk, trueC.Apk, snap.Apk and viber.Apk”.
Last month VPNPro claimed that the popular VivaVideo asked for “dangerous permissions” such as the ability to read and write files to external drives. Developed by Chinese company QuVideo Inc, VivaVideo has nearly 100 million installs. The company has also published several other apps such as SlidePlus with similar intrusive permissions.
AnyDesk is a popular app that allows users to remotely access PC or phone. As the description suggests, it can be very intrusive and get misused. Last year, the cybersecurity and IT examination cell of the Reserve Bank of India (RBI) issued a warning against the AnyDesk app saying it was getting misused by fraudsters to gain access to users’ devices.
Paytm, earlier this year, started showing a “security alert” prompt to users who had apps like AnyDesk or TeamViewer installed on their phones. The Paytm app will not work until users have uninstalled these apps.
UPDATE: Paytm has withdrawn the warning for AnyDesk or TeamViewer.
Copyright © HT Media Limited
All rights reserved.