If you have a smartphone running Android, you may have noticed that your favorite apps from the Google Play store or APKPure were infected by malware. The malware appears to be targeting Huawei AppGallery and Joker/Bread. Kaspersky has released a report detailing a new Android malware campaign.
xHelper Trojan
xHelper is an Android Trojan which can download other malware onto your device. It can also show ads on your lock screen and monitor your personal information. Some versions of the Trojan can even buy premium subscriptions to apps.
According to Malwarebytes, xHelper has infected more than 32,000 devices, and gains over 2,400 new victims per month. In the past six months, xHelper has infected over 45,000 devices. This means that it’s probably on its way up.
xHelper is a mobile Trojan which resembles a cleanup application. It hides itself in your system menu and redirects you to the Google Play Store to download other apps.
It has a self-reinstall mechanism which makes it difficult to remove. Even after a factory reset, it reinstalls itself and continues to show annoying pop-up notifications. xHelper has been spotted in several countries, including the US, Russia, and India.
The xHelper crew is still at war with mobile antivirus solutions. They make their money from pay-per-install commissions. One way to keep your device clean is to install the latest operating system. However, this method may not work on xHelper-infected devices.
APKPure is an alternative Android app store. Like other third-party stores, it allows users to download and install different applications. But researchers have discovered that it can also be infected by a malicious module.
xHelper is a piece of malware that was first detected in March. Its presence has spread to tens of thousands of smartphones running the Google operating system. Despite its popularity, the app has been difficult to identify.
As a result, it has become one of the most popular mobile Trojans around. Although it has not infected any major players, it has featured in several top lists, including Check Point’s Global Threat Index in November. xHelper isn’t the only malware that has made it onto the list.
For example, the Android Triada Trojan has been spotted on devices running the Android 8+ operating system. Depending on the version of the operating system, it can delete or modify local data, as well as download and install other apps.
Joker/Bread Android Trojan
Joker is a trojan-like app that infected 538,000 devices worldwide in April. The malware was first detected in 2017, but it has been lurking around Android devices for years. It can be downloaded and installed through unofficial channels, such as peer-to-peer networks, and can cause significant data loss.
The Joker is also one of the largest malware threats in the Android ecosystem. This Trojan can steal information from your device, including text messages, contact lists, bank accounts, and more.
The Joker is just one of many different types of Trojans that can infect your smartphone. Others include the Android Triada, which deletes applications and can modify local data. Also known as a “spyware” and an “enhanced phishing” attack, the Trojan can act as an anonymous user on your device.
The Joker is just the latest entrant in the swarm of malicious applications that have escaped Google’s app vetting process. They’re usually distributed through untrusted download channels, and are disguised as legitimate apps.
One of the best defenses against this type of malware is to use a mobile antivirus. You should also read reviews of applications before downloading them, and make sure that they come from a trustworthy source. However, some legitimate developers use techniques to evade this protection.
These techniques include fake reviews, a decoy application, and hidden code that connects to a command-and-control server. In the case of the Joker, these methods are used to trick users into subscribing to premium services.
The unofficial Android app store APKPure was infected with malware, but thankfully Google is working hard to remove Joker-infected apps from the Play Store. But even with their efforts, the Trojan is still alive and well on third-party app stores.
One of the best defences against the Joker is to use a Play Protect security solution. This will prevent the Trojan from infecting your device.
Another defence against the Joker is to download and install a good mobile antivirus. This will not only restore your system from the damage done by the malware, but it will also prevent future infections from happening.
Unfortunately, it’s also difficult to know what to look for in these types of programs. Some are so tricky that they aren’t even detected by security software.
APKPure Infected With Malware – Kaspersky report on Android malware campaign
If you have an Android phone, you might want to read this Kaspersky report on a recent malware campaign that targeted users in the Middle East. This campaign appears to be an attempt by a nation-state-backed cyberespionage operation.
The malware is a backdoor-type attack tool that steals data from the user’s device without letting them know they’re exploited. Aside from the backdoor, the payload is capable of stealing data and uploading it to a remote server.
The malicious application is disguised as a legitimate news app. It keeps track of users’ GPS location and SMS messages, as well as their contacts.
The malware is backed by a state-sponsored hacker group that primarily targets activists and political organizations. The malware’s ability to bypass two-factor authentication is another intriguing feature.
The malware also uses a backdoor to execute shell commands on the infected device. Another unusual feature of the campaign is that it was advertised via Telegram, which is banned in Iran.
Another noteworthy aspect of the campaign is that the malware was able to distribute itself through Google Play. Though the company did not attribute the attackers to a specific group, the fact that they did not seem to be interested in mass-spread suggests the malware is a product of a nation-state-sponsored operation.
In addition to the mobile banking trojans and spyware, the Kaspersky report reveals that the campaign also contained mobile ransomware tools. These ransomware threats can target Android users and their banking information.
According to the Kaspersky report, the number of mobile malware attacks has increased dramatically. More than 47,778 victims around the world were infected with a variety of different threats. While there are no specific numbers on the overall size of the malware campaign, Kaspersky noted an expansion of the attacks during the third quarter.
Overall, the Kaspersky report demonstrates the growing number of sophisticated APT campaigns targeting both iOS and Android devices. As these types of attacks become more widespread and geographically distributed, it is likely that more people will become vulnerable to cybercriminals.
The Kaspersky Security Bulletin is a series of reports on the cybersecurity industry, including insights and analysis on shifts in the cybersecurity sector.
Huawei AppGallery apps infected
APKPure, an alternative app store for Android users, was recently infected by malware. The malware was able to infect users’ devices with Trojans. These Trojans were able to download other forms of malware and even sign up users for premium mobile services.
Several apps were found to be infected with the malware, which was developed by three different developers. Apps like Super Keyboard, Color Rolling Icon, and Happy Color were among those that were infected.
As a result, Huawei, a Chinese electronics company, has removed the decoy applications from its AppGallery. However, it has not responded to questions about its defences against malware.
Huawei’s AppGallery has a hefty database of 45,000 applications. While it is one of the most popular app stores for Android, it lacks the advanced security controls of Google Play.
When downloading apps from non-AppGallery sources, Huawei warns users to avoid entering sensitive information such as banking credentials. This is because attackers can use the unofficial repository to compromise the device.
To prevent an attack, you should install a parental control like AirDroid to block inappropriate apps from APKPure. You can also download a tool like Petal Search.
It is important to note that while the Petal Search system has not been subject to any official user complaints or copyright claims, it does recommend APK files from sites such as APKPure.
APKPure’s developers have not been reached for comment. However, the website does claim that all apps in its shops are safe. That’s why several Android fans prefer it over Google Play.
One of the key security features of APKPure is the fact that it bypasses Google’s vetting process. Although it does verify the digital signature of apps, it does not offer as many security features as the Google Play store.
Users who downloaded the infected apps are advised to remove them. However, the applications will remain on the user’s device.
Because of the vulnerabilities of APKPure, it’s best to download apps only from official sources. And remember, Google Play protects you with machine learning technology. Moreover, it’s important to keep your phone up to date with the latest Android versions.