Even owners of the best Android phones need to be careful when downloading new apps to their devices. As an example, 28 apps that were used by hackers to proxy smartphones were recently discovered in the Google Play Store.
As reported by BleepingComputer, HUMAN's Satori threat intelligence team discovered that these seemingly harmless apps were actually doing dubious things in the background. Of the 28 apps listed in the report, 17 were posing as free VPN software.
The best free VPN apps and services can help protect your online privacy, but you should always be careful when installing them on your device. As I test VPNs in my reviews for Tom's Guide, I strongly recommend investing in the best VPN service instead. These paid solutions are more reputable, and many of them have been audited by third parties to ensure that their apps and services do not contain vulnerabilities or malicious code.
Having your phone proxied is not as bad as being infected with Android malware, but it is still a cause for concern. Residential proxies have legitimate uses, such as market research and search engine optimization, but when abused as in this case, they can be used for all kinds of malicious activity, from ad fraud to phishing and even credential stuffing.
Here is everything you need to know about malicious apps, along with tips on how to keep yourself safe from them.
Some of the following apps do not contain the malicious code that was used to proxy Android smartphones. However, for those who are concerned that hackers may be using their devices for cybercrime, it is recommended that they manually remove these apps if they are installed on their smartphones.
What these 28 apps have in common is that they used LumiApps' software development kit (SDK). The company also operates an Android app monetization platform that uses the device's IP address to load web pages in the background and send the retrieved data to companies.
According to the LumiApps website, the pages are usually from well-known sites, and this is "done in a way that never interrupts the user and is fully GDPR/CCPA compliant." The ultimate goal is to help companies "improve their databases and provide better products, services, and prices."
On paper, this seems a bit intrusive but harmless, but when you download a free app instead of a paid app, you get what you pay for. What LumiApps did not envision is that hackers would find a way to use the app monetization platform for their own benefit.
After examining these 28 apps, HUMAN security researchers discovered that they all contained a Golang library used to run a proxy called "Proxylib." The first app the company discovered that contained Proxylib was a free Android VPN app called Oko VPN. Security researchers later discovered that this same library was used by LumiApps' Android app monetization service.
Based on the findings, HUMAN believes that these malicious apps are associated with a Russian residential proxy service provider called Asocks. It is worth noting that Asocks' services are often promoted in online hacking forums.
Earlier this year, LumiApps released a new version of its SDK, including Proxylib v2. Apparently this was done to address "integration issues," but it is unclear as to whether it can be exploited by hackers.
Google then removed all remaining apps and all new apps using the LumiApps SDK from the Play Store. Similarly, some of the developers who had used the SDK also removed it to fix their apps, but some have re-released the same apps using different developer accounts.
The first thing you want to do to protect yourself and your device from malicious apps is to avoid installing unwanted apps on your Android smartphone. Ask yourself if you really need that app, and check the ratings and reviews of that app before installing it. Keep in mind, however, that reviews and ratings can be faked. For that reason, I always recommend looking at video reviews.
On the security front, make sure you have Google Play Protect enabled. But for added protection, you should consider installing one of the best Android antivirus apps.
As for free VPN apps and free VPNs in general, I really don't recommend them. Most VPN services are fairly inexpensive for what they offer, and if you shop wisely, you can often get great deals on top providers like ExpressVPN, NordVPN, Surfshark, etc. For example, I bought a 2-year subscription to Surfshark on Black Friday a year and a half ago at a steep discount, and it is still going strong.
Hackers and other cybercriminals will continue to release malicious apps and try to turn good apps evil by injecting malicious code. This is because smartphones these days contain far too much personal and financial data. Therefore, it is important to think twice and do proper research before installing any new app on your smartphone, no matter how popular it may be.