Hackers have wormed their way into the Google Play Store, as evidenced by the recent BankBot malware trickery. Simple dummy apps doubled as Trojan horses, and once an unsuspecting user downloaded these flashlight or solitaire apps, they also downloaded and installed the malware onto their device. Then, when they would try to open their banking app, the malware would actually pose as the banking app by creating a fake overlay over the real banking app and trick the user into entering their banking details. The kicker here was that the dummy apps actually worked! Your new flashlight app was a flashlight . . . until it started wreaking havoc on your day and your bank account.
Are there really viruses for Android devices?
When it comes to virus threats, Windows computers are the typical victims, and we have covered threats such as ransomware extensively on this blog. But PCs are not the only targets. Hackers also want to get into your mobile device. They target smartphones with malware hiding in apps that may appear to be games or simple utilities (such as a flashlight app). Once on your device, they work in the background to steal your personal information.
How could my Android device get infected?
As BankBot demonstrates, malware-ridden apps can in fact be downloaded directly from the Google Play Store. It is important to note that this is an exception rather than the norm. Nevertheless, the best advice is to download apps only from reputable app stores, as well as having a trustworthy security app installed. By using a reputable anti-malware scanner, you can stay safe and gain peace of mind.
How can I protect myself and my Android device?
Here are six easy tips that will help keep your Android device malware-free.
- Read app reviews. Before installing a new app, read the reviews, both positive and negative. Notice if reviewers comment on whether or not the app does what it says it will do. If you notice comments like “this app doesn’t do what it promises” or “this app is packed with adware,” think thrice about downloading: this could be a sign that something malicious is associated with it.
- Check app permissions. Before you download the app, look closely at its app permissions to see if they make sense. Granting incorrect permissions can send your sensitive data to cybercriminals. If anything seems out of the ordinary or beyond what seems appropriate, just say no.
- Always use official app stores. While BankBot did manage to creep inside Google Play, that’s a rarity. App files from forums, email attachments, or alternative third-party app stores are much riskier, and put you in greater danger of encountering malware. As a rule, only install apps from official app stores.
- Check your security settings. Go to your Android device’s security settings and make sure that the “Unknown sources” field is unticked. (Settings>Security>Unknown sources.) Essentially, this prevents installing anything other than apps from Google Play Store, including websites that attempt to trick you with “drive-by download” attacks, automatically downloading a malicious app when you visit the site on your phone.
Do not tick the box! (see above)
- Install app and Android updates. These updates frequently contain security patches that protect against newly discovered exploits and threats. We recommend that you always keep your software up-to-date with the latest release.
- Use a trusted Android security software. Security software, such as Avast Mobile Security, can protect your device against malicious activities. If you notice your device behaving strangely, or your battery is draining unusually fast, you may have malware on your device. Avast Mobile Security acts as a strong layer of defense by blocking malicious apps, keeping you safe.
Bottom line: Before downloading and installing an app, exercise common sense. By including an additional security layer combined with good decision-making, you can reduce the threats you may encounter on your device.