Application security, Endpoint/Device Security

Fake popular Android app versions found stealing credentials

A green Google Android figure on digital blur background.

A recent report showed that users' credentials are being stolen by malicious Android apps using phishing URLs mimicking well-known services that include Facebook, GitHub, Instagram, LinkedIn, Microsoft, Netflix, PayPal, Proton Mail, Snapchat, Tumblr, X, WordPress, and Yahoo, though it is unclear what the campaign's distribution vector is, reports The Hacker News.

The rogue app, once installed in the phones of the users, will request permissions to be granted and once these permissions are approved the rogue app can gain control of the device, allowing it to carry out actions such as data theft or malware deployment without the knowledge of its victims.

Symantec has already warned that a social engineering campaign uses WhatsApp as a delivery vector to spread a new Android malware that poses as a defense-related application. In Finland last week, it was revealed by the country's National Cyber Security Centre that banking data is being stolen through smishing messages instructing users to Android malware, according to The Hacker News.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.