Malware remains a significant issue for Android with Android devices attracting 79 % of malware attacks (DHS and FBI survey). The world's most popular operating system is a primary target for malware attacks. Two new threats for Android have recently come to light. These include a malvertising scam and a malicious app that can spy on your SMS messages with the potential of causing much more trouble.
Scammers have been playing on malware fears of users by tricking them into downloading security software that is actually malware itself. This scam however does not induce users to download software but is a monetizing scheme.
Malvertising is the use of advertising to extract personal information from users or to spread malware. The scam includes malvertisement messages appearing in several legitimate applications as Android notifications. Tapping the ads redirects users to a web page that declares the device to be infected by viruses and suggests downloading a tool to get rid of them.
However, the purpose of this attack is not to infect devices with malware but to monetize it. Victims are induced to enter their phone number which is then used to sign them up for a costly ringtone and wallpaper service.
The scam can target a huge range of Android users and is not limited to a specific country. It exploits users' geo-location to connect them with relevant affiliates.
Since the attack does not involve installing a malicious app on the phone, mobile security software cannot protect against this threat. However, Android users who have been hoodwinked into subscribing to this service can unsubscribe from it. The web page that announces the device to be infected with malware contains a section on Terms and Conditions below the Download button. According to these, users can unsubscribe from the service by sending an SMS with the text STOP.
Smartphone users are being increasingly targeted by scare ware distributors. Users need to be on guard against such fake alarming messages that can damage their device or entrap them in a phishing scam.
App Concealing Spyware
Another threat is a malicious app that can spy on your SMS messages. However it is more than just an SMS spy and capable of controlling the device completely, even though the bad guys haven't done that yet.
It disguises itself as the Google setting app and does not create shortcuts on the Android desktop. The hackers can send command and control messages via Google cloud messaging.? The app can read commands enabling the hackers to access messages, track location, block calls, observe and contact. The hacker can access the phone even if the app is not actively running on the device. Hence, they can control the phone and spy on all communications via this malicious app.
Fortunately, the app does not reside on any app store. However, its existence in the app world is still threatening. It could be used to dodge the two step verification codes sent to android devices. People could use it to spy on others without realizing its full potential.
The app highlights security threats associated with third party apps. The best Android security software should be able to detect this spyware and provide tools to remove it. However, it is best to keep an eye out for such software and stay clear of it in the first place. It is best to avoid trouble by exercising extra caution when installing apps.