Multiple malicious Android apps have been detected impersonating some of the platform's most popular tools, and anyone who installs the impostors could have their login credentials or other highly sensitive information stolen from their device.
A report from cybersecurity researchers at SonicWall Capture Labs describes multiple applications impersonating Google, Instagram, Snapchat, WhatsApp, Twitter and others, primarily by using icons that appear almost identical to those used by the legitimate applications.
“This malware uses famous Android app icons to trick users and trick victims into installing the malicious app on their devices,” the researchers said. They did not discuss who the cybercriminals behind the campaign are or how they distribute these applications. An educated guess would be through fake websites, instant messaging platforms, phishing, and more.
More and more sophistication
They also did not say who the most popular targets are or where they are located. We've reached out to SonicWall with additional questions and will update the article when we hear back from them.
Once the malware is installed on the Android device, it first requests Accessibility Service and Device Administrator permissions (the latter is present on older models), which should be enough of a red flag for anyone.
Still, if the victim grants these permissions, the application can connect to its command and control (C2) server to receive more commands for execution, and access the device's contact lists, SMS messages, call logs and the list of installed applications. It can also send SMS messages, open phishing pages in the web browser and turn on the camera flashlight.
The best way to protect yourself from malicious Android apps is to only download them from legitimate sources, always check user ratings and reviews, and be aware of the permissions the app requests during installation.
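One way to check the permission red flag described above before installing an app, as an added example that is not code from SonicWall or from the article: it reads a decoded AndroidManifest.xml and flags the combination of Accessibility Service or Device Administrator components with access to contacts, SMS, call logs or the installed-app list. The mapping from the article's wording to Android permission names is this example's assumption, and the sample manifest and its package name are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping: capabilities named in the article -> Android permission names.
DATA_PERMS = {
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.SEND_SMS": "sending SMS",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.QUERY_ALL_PACKAGES": "installed-app list",
}
BIND_PERMS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "Accessibility Service",
    "android.permission.BIND_DEVICE_ADMIN": "Device Administrator",
}

# Constructed sample manifest in decoded text form; not taken from any real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.lookalike">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="Instagram">
    <service android:name=".Svc"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".Admin"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

def triage(manifest_xml):
    """Return (privileged components, data permissions, red_flag)."""
    root = ET.fromstring(manifest_xml.strip())
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    data = sorted(DATA_PERMS[p] for p in requested if p in DATA_PERMS)
    # Accessibility services and device-admin receivers are declared as
    # components guarded by a BIND_* permission, not as <uses-permission>.
    privileged = sorted({BIND_PERMS[c.get(ANDROID_NS + "permission")]
                         for tag in ("service", "receiver") for c in root.iter(tag)
                         if c.get(ANDROID_NS + "permission") in BIND_PERMS})
    # Flag the combination the article describes: device control plus data access.
    return privileged, data, bool(privileged) and bool(data)

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

The manifest has to be in decoded text form; the binary XML inside an APK must be decoded by a separate tool first.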