One of the things they tell you when you have an Android phone, tablet or some other device is not to sideload software because this is the easiest way to pick up viruses. The presumption is that everything in the official Play Store is kosher. However, nothing can be further from the truth. As we have detailed here time and time again a number of apps with malware, some with millions of installs, have been found in the Play Store on a number of occasions.
The latest incident was reported by security company Dr Web who are behind the famous Dr Web antivirus. In a post published on the first day of this month the company said they had discovered about 6 apps in the Google Play Store that were stealing people’s Facebook logins (i.e. emails) and passwords. Such apps are known as stealer trojans and were being distributed hidden in several utility apps that had millions of installs.
The affected apps were:
- PIP photo by a developer named Lillians which had the most installs (with about 5 million downloads).
- Processing photo by a developer known as chikumburahamilton (that’s a very African sounding name if you ask me) which had been downloaded 500 0000 times.
- Horoscope Daily-by a developer known as Hscope Daily mom which had 100 000 downloads.
- Inwell Fitness by Reuben Germaine with 100 000 downloads
- Rubbish Cleaner by SNT.rbcl with 100 000 downloads
- App Lock Kepp by Sheralwa Rence with 50 000 downloads
- App Lock Manager by Implummet col with 10 000 downloads
- Lockit Master by Enali mchicolo with 5 000 downloads
- Horoscope Pi by Talleyr Shauna with 1000 downloads
The apps had total downloads of 5.8 million, but while this is alarming I highly doubt that it means 5.8 million devices were infected. First, there is likely overlap with people who had one app having the other. There is also the little matter of how Google Play defines an installation. Downloads show the “total User Installs (total number of unique users who have ever installed this app on one or more of their devices).”
So this includes even the people who originally installed the app and then uninstalled it, even if the whole install uninstall process took less than 10 minutes. I do install all kinds of software when looking for an app to scratch a specific itch and if I don’t like the app I just installed I uninstall and install another. In Google’s mind, that very short install counts as a download forever.
There is also a matter of how so many apps by different developers ended up with the same virus. I think I know the answer. The malware distributors are likely going after certain apps, buying them and pushing new updates injected with malware. This happens once in a while in the WordPress community for me to think it’s probably the same in Android as well. The old owner is gone and what you have is a new malicious owner who bought a slightly popular app for nefarious purposes.
If you have one of these apps uninstall it!
One big weakness of the Android ecosystem is when something like this happens, Google simply removes the offending apps from the Play Store and bans the developers. The only way to learn about the infection when we or some other blog publishes the issue. It would be nice if they added functionality to the Play Store that would warn those with the infected apps already on their devices to uninstall them.
That’s right. If you already have the above apps on your phone, uninstall them now. You should also change your Facebook password and turn on two-factor authentication. As already pointed out, these apps had malware that stole passwords and logins (phone number or email associated with your Facebook account).
In fact, you should make it a habit to turn on two-factor authentication whenever it’s available. Not having it turned on makes you vulnerable. To do this on Facebook follow these steps:
- Login into your Facebook account
- Reset your password first
- Now login back again
- In the top right hand corner select Settings and privacy
- Select settings
- Select Security and login
- Take note of the devices you are logged into which are highlighted using a green colour. You will see the name of the device and other useful information such as the location e.g. Harare. Be mindful that this information is not always accurate even for bona fide logins. If there is a device you don’t know log out of it. If you made a mistake you can always log back in.
- Now Scroll down until you get to the “Use two-factor authentication” option and click on Edit
- Choose the securit method that you want to use. I would recommend SMS if you are just starting out.
Share
Home
What’s your take?