

Hackers mimic popular Android antivirus to infect devices with malware


A new series of malicious Android applications has been identified, all of which appropriate familiar branding to lull potential victims into a false sense of security.

According to researchers at security firm Bitdefender, cybercriminals are distributing malware-rigged versions of various popular apps, including media player VLC, Kaspersky antivirus, and applications from FedEx and DHL.

Once installed, the fraudulent apps drop one of two banking trojans, Teabot or Flubot, both of which surfaced within the past year.

The former strain is reportedly capable of intercepting SMS messages and Google Authenticator codes, logging keystrokes, performing overlay attacks (drawing a fake login screen over a legitimate banking app to capture credentials) and, in some cases, seizing full remote control of the infected device.

Flubot is not quite as complex, but is still equipped with the tools to lift banking credentials, messages and other types of private data from the device. The malware also exhibits “worm-like behavior”, spreading itself via malicious SMS messages sent out from infected devices.

Fake Android apps

Although malicious applications have occasionally made their way onto the Google Play Store, the majority of threats can be avoided by installing apps only from reputable sources.

This is certainly true of the threats discovered by Bitdefender, which are not hosted on Google Play and can only make their way onto an Android device via sideloading.

“Spreading malware on Android devices is not easy, as the official store can usually prevent these types of apps from reaching users,” noted Bitdefender. “But one of Android’s greatest strengths, the ability to sideload apps from non-official sources, is also a weakness.”

“Using a combination of tricks to persuade users to install apps outside of the official store, criminals spread most of their malware through sideloading.”

In the report, the researchers make clear that the malware campaign is not a reflection of the security standards of the original, legitimate apps. Cybercriminals have simply co-opted recognizable branding as a means of social engineering.

At the time of writing, the malware campaign remains active, so Android users are advised to exercise caution when installing anything from non-official sources and to keep a reputable mobile security product on their devices. In practice that means not granting the "Install unknown apps" permission to browsers or messaging apps, and treating any APK offered through a link in a text message as hostile.
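Because every sample in this campaign arrives by sideloading rather than through Google Play, a quick triage step on a suspect device is to list the installed third-party packages together with the app that installed them. The script below is an added example written for this page, not code from Bitdefender or the original article. It relies only on the real `adb shell pm list packages -i -3` output format (`package:<name>  installer=<pkg|null>`) and the fact that Play-installed apps record `com.android.vending` as their installer; the sample dump, package names and the `sideloaded_packages` helper are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Android packages that were NOT installed by Google Play.
# Input is the text produced by `adb shell pm list packages -i -3`, which lists
# third-party packages as "package:<name>  installer=<installer-pkg|null>".
# Apps installed from the Play Store carry this installer package name.
PLAY_STORE="com.android.vending"

# sideloaded_packages <dump>
# Prints "<package> <installer>" for each package whose recorded installer is
# not the Play Store, sorted by package name. "null" means no installer was
# recorded (e.g. `adb install`); a browser or file manager as installer means
# the user was talked into opening an APK, which is exactly how Teabot and
# Flubot lookalikes are delivered.
sideloaded_packages() {
    printf '%s\n' "$1" |
    sed -n 's/^package:\([^ ]*\)[[:space:]]*installer=\(.*\)$/\1 \2/p' |
    awk -v play="$PLAY_STORE" '$2 != play { print $1, $2 }' |
    sort
}

# Constructed sample dump (hypothetical package names), shaped like the output of
# `adb shell pm list packages -i -3`: one genuine Play install, one "VLC" clone
# installed from the browser, and one "FedEx" app with no recorded installer.
SAMPLE='package:com.whatsapp  installer=com.android.vending
package:org.videolan.vlc.fake  installer=com.android.chrome
package:com.fedex.tracker.update  installer=null'

# Stand-alone demonstration on the constructed sample. Against a real device:
#   sideloaded_packages "$(adb shell pm list packages -i -3)"
sideloaded_packages "$SAMPLE"
```

The installer field is attribution recorded by the package manager, not an integrity check: it tells you which app called the install API, so a hit here only marks a package as worth inspecting (publisher, signing certificate, requested permissions such as SMS, Accessibility and overlay), not as malicious. Conversely, a Play-installed package is not automatically clean, as the article itself notes.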


01 Jun 2021



