Meet 'Facestealer', A Malware That Steals Passwords And Cryptocurrency-Related Information

With smartphones becoming increasingly capable, thanks to the many apps that can be installed, people are trusting their devices with more data than necessary.

Hackers know this all too well, which is why they are always on the move, lurking in the shadows, waiting to prey on their victims. The most popular way is to use malware to create a backdoor on victims' devices in order to steal data or do other malicious things.

And this time, researchers have found a malware that is gaining huge popularity.

Dubbed 'Facestealer', the malware spreads mainly through the Google Play Store.

When infected apps are downloaded and installed, the malware steals personal information, including victims' social media credentials, by forcing fake logins.

More annoyingly, the malware will pop up way too many invasive ads.

The distribution of the types of apps that Facestealer disguises itself as. (Credit: Trend Micro)

While the malicious apps in question came from a range of categories, the most common were:

  1. Fake VPN services.
  2. Camera and photo editing apps.
  3. Cryptocurrency-related apps.

These apps were able to bypass Google Play's built-in antimalware and scrutiny. They did this by using sophisticated methods to hide their illicit intentions.

It was security researchers from Dr.Web who first discovered this Facestealer malware.

When it was initially found back in 2021, the researchers reported that Facestealer was hiding in at least 10 Android apps.

This time, Trend Micro reported that the malware is hiding in at least 200 apps, almost all of which were available on the Google Play Store and other third-party marketplaces.

One of the apps, named Daily Fitness OL, claims to be a fitness app, complete with exercises and video demonstrations. But like the initial variant, it was designed to steal the credentials of its users.

The Google Play Store page for Daily Fitness OL (Credit: Trend Micro)

Fortunately, the apps were found weeks later, and were taken down.

Unfortunately, many of these apps managed to rack up thousands of downloads in the few weeks they were available.

It's worth noting that Facestealer apps are disguised as simple tools, and this fact made them attractive lures.

It's also worth noting that the Facestealer-infected fake cryptocurrency miner apps not only try to profit their operators by scamming victims into buying fake cloud-based cryptocurrency-mining services, but they also try to harvest private keys and other sensitive cryptocurrency-related information from users who are interested in what they offer.

Facestealer is just one of the many pieces of malware plaguing the Android ecosystem.

While there is no definite way to stop malware from ever popping up on the Google Play Store, users can avoid installing malicious apps by checking their reviews, especially the negative ones, to see if there are any unusual concerns or experiences from actual users who have downloaded the apps.

Android users should also apply due diligence to the developers and publishers of these apps, so that they can better avoid apps with dodgy websites or sketchy publishers, especially given the number of alternatives on the app store.

And lastly, users should avoid downloading apps from third-party sources, since these are where many malicious actors host their fraudulent apps.

Published: 20/05/2022