Beware Social Media Used To Spread Malicious Apps That Spy On You
By: Jim Stickley and Tina Davis
May 24, 2018
Infected apps are becoming a bigger and bigger problem for the Google Play Store. Now it looks like it’s a problem for social media as well. If it’s an issue for the Play Store and social media platforms, it’s a huge problem for the billions of consumers of both. Some of the latest malware finds on Google Play involve using social media to spread a virus. Three apps, to be exact, all used social media platforms like Facebook and chat apps to hook their victims.
Before being removed from the Google Play Store, the malware apps targeted Android smartphones and other devices, using them to target individuals in the Middle East. This is according to Lookout researchers, who tied some of the apps to the group APT-C-23. The malicious apps were downloaded over 1,000 times before Google took them out of the store. But by then the damage was done. With over 2 billion Play Store customers downloading apps and 2.5 billion of us on social media, hackers are nearly guaranteed some level of success. Even infected apps that are detected early can still reach a large audience before they’re discovered. It’s likely that this minimum number of victims (and often many more) keeps hackers coming back to Google Play time and again.
All three infected apps used social media with the same lure: attractive women online. The female lures required users to download a chat application to continue interacting with them. After unsuspecting users took the bait, the malware went into action, stealing audio and images from the victim’s device. From there, the goal of surveillance was unleashed. Every phone call, picture, text, and more became property of the hackers.
In a social media-obsessed society, apps that are offered, and especially pushed, within those platforms should be a huge red flag for everyone, everywhere. Historically, hackers rely on human emotion for phishing exploits, and there’s no shortage of emotions on social platforms. In this case, it was physical attraction that hooked the victims. The lesson here is not to download apps until you have verified that they are legitimate.
Considering the alternative, the bit of time it takes to investigate an app is well worth it. These infected apps were used for surveillance purposes, but many Google Play Store apps have already stolen banking information, personal information and identities. As social media consumers, who knows what other emotions hackers may prey on? Don’t be surprised if they tug on your heartstrings next. Fortunately, you can keep your heart off your sleeve, and out of danger, by verifying before you download!