Dozens of fake security apps which secretly stole data from users have been discovered on and subsequently removed from Google Play.
Cybersecurity firm Trend Micro found 36 apps on Google Play which “secretly harvested user data, tracked user location, and aggressively pushed advertisements.”
It is not known how many people could have downloaded these apps before Trend Micro’s researchers informed Google and the apps were removed from Google Play.
Google did not respond to enquiries from Sky News.
Bharat Mistry, principal security strategist at Trend Micro, told Sky News: “Malicious apps are starting to become more common globally as cybercriminals are starting to realise the potential to easily monetise the wealth of sensitive personal information.”
Dr Michael Covington, vice president at mobile security company Wandera, told Sky News: “Malicious content on a mobile phone is becoming the new normal.
“We used to see attackers targeting users on desktops with dangerous e-mail attachments or malicious downloads in a browser. On mobile it is far easier to trick the user into downloading a malicious app or tapping on a phishing SMS.
“Mobile malware is up 100% year-over-year and there are no signs of slowing,” said Dr Covington. “Further, the severity of mobile malware is up over 400% year-over-year.”
The malicious apps that Trend Micro found only targeted Android phones.
“Android tends to have more malware for a variety of reasons.
“For starters, there’s the issue of platform diversification. With so many manufacturers building devices that run Android, Google cannot be as stringent with their app reviews. Google is notorious for having a more lax app review process than Apple,” said Dr Covington.
“The perception is fake apps are more likely to be prevalent on Android than iOS platforms primarily due to Android’s open community and developer platform which allows users to install applications from trusted and untrusted stores easily with little or no modification on the device,” agreed Mr Mistry.
“Attackers targeting mobile users don’t care what platform their victim prefers. Our research indicates that there are more malicious apps on Android, whereas iOS users are more likely to encounter a phishing attack,” said Dr Covington.
How to protect yourself?
“First and foremost always use a reputable app store such as Apple’s App Store or Google Play,” said Mr Mistry.
“Secondly, before downloading an application, look at the developer and make sure that is also from a reputable source, ie do a separate search on the Internet about the developer and the application name to check the reputation of an application.
“Download a reputable malware scanning application from a trusted application store and scan the device for any malicious code.
“In addition, if you think the app has stolen credentials for banking, social media and other applications, think about resetting the password for those applications using another device or desktop.”