Security

New Android Malware Mimics Common Apps

The newest sensation sweeping European nations isn’t quite as fashionable as pantsuits or as tasty as flakey milk chocolate; it is a new piece of Android malware that is gaining ground in countries like Denmark, Italy, Germany, and Austria. This software takes over apps like Uber and Google Play by mimicking their familiar user interfaces and tricking users into inputting confidential information.


This malware functions by using a particular SMS phishing scheme that sends out links in SMS messages to trick recipients into installing it on their devices. These links have gotten increasingly more deceptive, as some messages are as simple as “We could not deliver your order. Please check your shipping information here.” After a user clicks on the given link he/she has, unknowingly, given the malware access to monitor and manipulate the device.

Once users have clicked on the link, the malware tracks which apps are used most frequently and which are running in the background. If one of those apps (usually WhatsApp, Uber or Google Play) is launched, the malware overlays a phishing page on top of it and then asks the user to input his/her information. The problem is, the overlay is often “nearly identical” to the original app so it can be very challenging for users to recognize. This overlay is very deceptive because the UI screen is only created when the app is launched, emulating the actual app’s appearance in real time. In this way, the malware can persuasively convince users to input confidential information which then gets sent to the C&C servers.


While mobile banking apps and other financial apps used to be targeted for access to credit cards and other monetary information, the malware is now mimicking more common apps like WhatsApp, WeChat, Uber, Facebook, and Viber. Because the malware is accessing more “benign” apps, people are less suspecting these apps will jeopardize their financial information.

Perpetrators have also used a number of URL shortening services that make the malware harder to detect. FireEye claims that the 30 shortened URLs used to direct users to the malware have been clicked more than 160,000 times. However, the use of these shorteners has made it possible for experts to establish how many different Android devices could possess the malware (Hint: It’s a lot).

Although this malware is adeptly bypassing Android’s security features, there are a few precautions you can take to make sure that your device is safe. The first is to simply make sure you’re not clicking on links that are from unknown sources or contain vague messages. Be cautious when opening any new text messages or emails. You can also download a supplementary security system, like PSafe Total, for extra assurance that your device is secure. PSafe Total can detect the newest types of malware and give your Android devices unparalleled protection against whatever cybercriminals have in store.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.

Recent Posts

Why Updating Android Helps Protect Your Phone, Even When Nothing Looks Different

Have you ever put off an Android update because you figured nothing would really change…

57 years ago

Your Phone Knows Where You’ve Been. Here’s Why That Matters More Than Ever

Do you know how many places your phone can remember from just one ordinary week?…

57 years ago

Does Changing Your Password Every Week Make Your Account Safer? Myth or Fact

You’ve probably heard that changing your password every week is a smart way to keep…

57 years ago

What Happens When You Tap “Allow” on an Android App?

You install a new app, open it for the first time, and the screen pops…

57 years ago

5-Minute Monthly Phone Check: What to Review on Android

You unlock your phone to answer a quick text and, without even noticing it, pass…

57 years ago

What Happens to Your Data After You Close an App?

You open an app to order food, check your bank balance, chat with friends, or…

57 years ago