In 2016, SophosLabs processed more than 8.5 million suspicious applications for Android. Over half of those were malicious software or some type of adware created to gain click-through revenue for cybercriminals. Five types were particularly annoying for users. They ranged from the pretenders that posed as something else to the lurkers in the background that have the capability to do just about anything they want to the infected devices.
CopyCat disguises itself as something else and makes it onto devices via third-party app stores. Check Point estimates that around 4.9 million fake apps were installed and that CopyCat produced over $1.5 million for cybercriminals. Once it is on a device, it can disconnect the Android security system and remain undetected for quite some time. It affects Android version 5.0 and earlier.
Don’t sideload applications. This means avoiding downloads from locations other than the official app store, which in this case is the Google Play Store. Sideloaded apps often house malware. While malicious apps have been found in the Google Play Store, the risk is lower due to the additional security checks that happen before apps can be placed there.
Dvmap has been downloaded more than 50,000 times since March. It can inject code into the system that prevents Android from detecting malevolent programs. It was most often found in a puzzle game called “Colourblock.”
Malware authors frequently target gamers. Research all apps that you intend to download to your devices before doing so. Check the reviews; if there are only a few and all of them are glowing endorsements, consider waiting a while longer, as this can signal a fake or malicious app.
GhostCtrl can pretty much do anything it desires once it is on a device. It can secretly film and record user activity, restrict device functionality, collect data, freeze the device, or combine all of the above.
Always back up your devices. If it’s a mobile device, it can be backed up to a computer or to cloud storage. If it’s a computer, the cloud is also an option, as is an external hard drive.
Marcher poses as an Adobe Flash update for Android. It can steal login credentials from more than 40 retail, social media, and banking apps. It was previously found posing as the popular Super Mario Run game.
Stay on top of the actual updates for your devices. Adobe stopped developing Flash updates for Android years ago. If you see a notification that you need to update it, pay attention. It could be Marcher or some other type of malware.
SpyDealer comes in at least three active flavors. It can steal data from more than 40 apps including Facebook, Skype, and WhatsApp, as well as the Firefox browser. It spies on users and can access contacts and call histories, answer and record phone calls, take screenshots, and record video and audio. It isn’t known how SpyDealer makes it onto a device, but it is suspected to arrive through compromised wireless networks.
Avoid using public wireless networks when possible. Even if a password is required, the network is still public and no one is controlling the activities of those logging on to it. That adds risk. Download your apps from a connection you know is safe.
As always, make sure antivirus and, if possible, anti-malware software is installed and kept updated on all devices. Other than your own knowledge of security threats, this is the next best line of defense for keeping your devices and information safe.