Monday, June 27, 2022
CybersecFill
Advertisement
  • Home
  • Events
  • News
  • security tips
  • Article
  • Contact Us
No Result
View All Result
  • Home
  • Events
  • News
  • security tips
  • Article
  • Contact Us
No Result
View All Result
CybersecFill
No Result
View All Result
Home News

25 Million Android Phones Infected with Malware Using WhatsApp

Cybersecfill by Cybersecfill
July 11, 2019
in News
0
WhatsApp Discovers new Vulnerability,Urges Users to Update their Application
Share on FacebookShare on Twitter

It has been discovered that as many as 25 million Android Phones have been hit with malware. This malware replaces installed applications like WhatsApp with evil versions that serve adverts.Cybersecurity researchers have warned on Wednesday.

Checkpoint says the malware abuses previously-known weaknesses in the Android operating system, making updating to the latest, patched version of Google’s operating system a priority.

Most victims are based in India, where as many as 15 million were infected. But there are more than 300,000 in the U.S., with another 137,000 in the U.K., making this one of the more severe threats to have hit Google’s operating system in recent memory.

The malware has spread via a third party app store 9apps.com, which is owned by China’s Alibaba, rather than the official Google Play store.

Typically, such non-Google Play attacks focus on developing countries, making the hackers’ success in the U.S. and the U.K. more remarkable.

“Due to its ability to hide it’s icon from the launcher and impersonates any popular existing apps on a device, there are endless possibilities for this sort of malware to harm a user’s device,”

They said they’d warned Google and the relevant law enforcement agencies. Google hadn’t provided comment at the time of publication.

How does this attack works?

  1.  Users download an app from the store – typically photo utility, games or adult themed apps (one called Kiss Game: Touch Her Heart is advertised with a cartoon of a man kissing a scantily clad woman)
  2. This app then silently installs the malware, disguised as a legitimate Google updating tool. No icon appears for this on the screen, making it even more surreptitious. Legitimate apps – from WhatsApp to the Opera browser and more – are then replaced with an evil update so they serve the bad ads.

The researchers said the ads themselves weren’t malicious per se. But in a typical ad fraud scheme, every click on an injected advert will send money back to the hackers, as per a typical pay-per-click system.

There’s some indication that the attackers are considering moving to Google Play. The Check Point researchers said they’d found 11 apps on Google’s store that contained a “dormant” piece of the hackers software. Google swiftly took those apps down.

Check Point believes an unnamed Chinese company based in Guangzhou has been building the malware, whilst operating a business that helps Chinese Android developers promote their apps on overseas platforms.

Alibaba hadn’t responded to a request for comment on proliferation of malware on the 9apps platform at the time of publication.

What can you do?

So what can anxious Android owners do? Check Point’s head of cyber analysis and response, Aviran Hazum, said that if users experience advertisements displayed at odd times, such as when they open WhatsApp, they should take action. The legitimate WhatsApp, of course, does not serve ads.

  1.  Go to Android settings, then the apps and notifications section.
  2. Go to the app info list and look for suspicious applications with names like Google Updater, Google Installer for U, Google Powers and Google Installer.
  3. Click into the suspicious application and choose to uninstall it.

Otherwise, staying away from unofficial Android app stores might help, given Google’s extra protections designed to prevent malware from getting on the site. Not that Google’s efforts always pay off. Earlier this week, a warning went out about an Android malware spreading over Google Play that was screen recording users banking sessions

 

Cybersecfill

Cybersecfill

An independent Nigeria cybersecurity blog.

Next Post
cybersecurity culture in Nigeria

Building a Cybersecurity Culture In Nigeria

0 0 votes
Article Rating
Login
guest
guest
0 Comments
Inline Feedbacks
View all comments
  • Trending
  • Comments
  • Latest
CEH_PRACTICAL

CEH PRACTICAL EXAM – TICKET TO CEH MASTER

February 6, 2021
Wireless Access Point

How To Secure Your Wireless Access Point (WAP)

August 3, 2019
Wifi 6 Security

Did Wi-Fi 6 come with an Improvement In Security?

May 13, 2019
credit card cloning

How Credit/Debit Cards are Cloned / Preventing Card Cloning

December 26, 2019
Nationa Cybersecurity Strategy

A Review of the Nigeria National Cybersecurity Strategy

9
Facebook

Facebook’s New Settings Allows Hackers To Easily Pentest Facebook,Instagram Mobile Applications

8
Cybersecurity Jobs

Cybersecurity Jobs – You can create your own Cybersecurity Role

4
open Source intelligence tools

Open Source Intelligence tools – OSINT

4
Suspected Head of Cybercrime Gang Arrested in Nigeria…

Suspected Head of Cybercrime Gang Arrested in Nigeria…

June 17, 2022
Types of Hackers and Hacking Protection Tips….

Types of Hackers and Hacking Protection Tips….

June 6, 2022
Types of Hackers and Hacking Protection Tips…

Types of Hackers and Hacking Protection Tips…

May 31, 2022
Sports Betting…Increase in Cybersecurity and Data Privacy Risks for Companies and Consumers.

Sports Betting…Increase in Cybersecurity and Data Privacy Risks for Companies and Consumers.

May 19, 2022

Recommended

Suspected Head of Cybercrime Gang Arrested in Nigeria…

Suspected Head of Cybercrime Gang Arrested in Nigeria…

June 17, 2022
Types of Hackers and Hacking Protection Tips….

Types of Hackers and Hacking Protection Tips….

June 6, 2022
Types of Hackers and Hacking Protection Tips…

Types of Hackers and Hacking Protection Tips…

May 31, 2022
Sports Betting…Increase in Cybersecurity and Data Privacy Risks for Companies and Consumers.

Sports Betting…Increase in Cybersecurity and Data Privacy Risks for Companies and Consumers.

May 19, 2022

© 2020 CybersecFill. All Rights Reserved.

No Result
View All Result
  • Home
  • Events
  • News
  • security tips
  • Article
  • Contact Us

© 2020 CybersecFill. All Rights Reserved.

wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply

Privacy Policy - Terms and Conditions