malicious apps

AppWizard
February 20, 2025
Consumer-grade spyware applications, often referred to as "stalkerware" or "spouseware," pose significant risks to Android users by monitoring private messages, photos, phone calls, and real-time locations without consent. These apps are typically downloaded from outside the Google Play Store and can be stealthily installed, often disappearing from the home screen. Stalkerware exploits legitimate Android features, leading to unusual phone behavior such as excessive heat, sluggish performance, or unexpected data usage. To address spyware, users should establish a safety plan and trusted support before attempting removal, as removing the app could alert the person who installed it. Google Play Protect should be enabled to scan for harmful apps. Users should check for unfamiliar apps in accessibility services, review notification access for third-party applications, and inspect device admin app settings for unrecognized applications. Even hidden stalkerware apps will appear in the list of installed applications, which can be accessed through the settings menu. Strengthening device security, such as enhancing lock screen passwords and using two-factor authentication, is recommended. Resources for support include the National Domestic Violence Hotline and the Coalition Against Stalkerware.
AppWizard
February 19, 2025
Google is enhancing security measures for Android users by introducing a feature in Chrome for Android that will scan APK files for malware. This feature, currently in testing in Chrome Canary, will automatically check the safety of newly downloaded APK files, providing extra security for users who sideload applications. Play Protect already scans newly downloaded apps for malware and monitors installed applications for potential threats, alerting users and managing app permissions. The upcoming feature aims to improve security for sideloaded applications and reduce risks associated with harmful installations.
Tech Optimizer
February 17, 2025
Apple devices, particularly Macs, are facing an increase in cyberattacks, with a new wave of sophisticated malware targeting sensitive data. The emergence of Atomic Stealer (AMOS) in mid-2023 marked a shift from less harmful adware to more serious threats, with AMOS being marketed as a user-friendly service. By mid-2024, Poseidon became the leading Mac information stealer, responsible for 70% of infections and capable of draining various cryptocurrency wallets and capturing sensitive credentials. Cybercriminals are also using malvertising to lure users into downloading disguised malware. Android users are experiencing an even more severe situation, with a significant rise in phishing attacks. In 2024, researchers identified 22,800 malicious apps designed for phishing, along with thousands capable of reading one-time passwords (OTPs). These apps often mimic legitimate software and can easily infiltrate app stores, including Google Play. While Google Play Protect offers some malware protection, it is not entirely effective. To protect against malware threats, it is recommended to use strong antivirus software, be cautious with downloads and links, keep software updated, use strong and unique passwords, and enable two-factor authentication (2FA) for critical accounts.
AppWizard
February 14, 2025
Google is developing a new security feature for Android 16 that will block changes to sensitive settings during phone calls to protect users from phone scams. This feature will prevent users from enabling sideloading permissions and granting accessibility access while on a call. A warning message will be displayed if users attempt to make such changes, informing them that these actions are prohibited during calls. The sideloading permission is disabled by default, but users can enable it through settings, except for those with Advanced Protection Mode activated. These security features are expected to be included in the public release of Android 16 later this year.
AppWizard
February 7, 2025
Google's Android Security and Privacy Team has partnered with Mandiant FLARE to enhance the capa open source binary analysis tool, which analyzes ARM ELF files used in Android malware. The integration of Gemini AI into this toolset aims to improve malware analysis and decision-making. A case study demonstrated the detection of an illegal gambling app disguised as a music app that used various anti-analysis techniques. By employing static analysis with capa, Google was able to identify and remove the app from the Google Play Store. New rules have been developed for capa to detect Android-specific malware behaviors, such as ptrace API calls and code downloading and decrypting methods. The incorporation of Gemini AI aids analysts by summarizing flagged functions and assessing risk levels, thereby accelerating malware detection and rule formulation.
AppWizard
February 4, 2025
Some Android applications are covertly monitoring conversations and collecting personal data without user consent. Cybersecurity firm ESET identified six malicious apps on Google Play and another six on third-party app stores that disguise themselves as legitimate messaging platforms. These apps harvest data such as text messages, call logs, and recorded conversations. Hackers also employ tactics like creating fake romantic connections to persuade victims to download infected apps, such as those containing the VajraSpy Trojan, which records conversations and accesses personal files.

Three groups of dangerous apps include:

1. Messaging apps disguised as secure platforms (e.g., Hello Chat, MeetMe, Chit Chat) that steal contact information and SMS messages.
2. Apps exploiting accessibility features (e.g., Wave Chat) that can intercept messages and record phone calls.
3. A fake news app, without messaging capabilities, that seeks access to personal data.

A list of malicious apps includes: Rafaqat, Privee Talk, MeetMe, Let’s Chat, Quick Chat, Chit Chat, YohooTalk, TikTalk, Hello Chat, Nidus, GlowChat, and Wave Chat. Six of these apps were downloaded over 1,400 times each before being removed from Google Play. To protect privacy, users are advised to uninstall suspicious apps, change passwords, enable two-factor authentication, run security scans, and stay informed about cybersecurity threats.
AppWizard
February 4, 2025
Google blocked 2.36 million apps from being published in 2024 due to violations of Google Play policies and banned over 158,000 developer accounts for attempting to distribute harmful applications. The company prevented 1.3 million apps from gaining excessive access to users' sensitive data. Over 92% of human reviews for harmful apps were AI-assisted, allowing for quicker and more accurate actions. Google implemented new requirements for developers to enhance transparency regarding data handling and introduced a "Data deletion" option for apps. Over 91% of app installations on the Google Play Store utilized the latest protections from Android 13 or newer. Google Play Protect scanned more than 200 billion apps daily and identified over 13 million new malicious apps from outside Google Play in 2024.
AppWizard
February 3, 2025
Google Play Protect is enhancing security for Android devices by automatically disabling app permissions for potentially harmful applications, preventing access to sensitive information. Users can restore permissions but must confirm their decision, promoting caution. Play Protect scans all apps, including sideloaded ones, and blocks harmful applications based on threat levels, scanning over 200 billion apps daily. It also prevents users from disabling Play Protect during phone and video calls to combat social engineering scams. In 2024, Google blocked 2.36 million policy-violating apps and banned over 158,000 fraudulent developer accounts, introduced live threat detection for Pixel devices, and launched a verification badge for trustworthy VPNs.