Heads Up, Android Users! A Sneaky New Malware On The Loose

Akmal Abid Elrahman

It’s dressing up as your favourite apps like Instagram and Snapchat to steal your passwords. Not cool, right?
Image credit: Freepik
So, here’s the scoop. The Hacker News spilled the beans about this new malware campaign. What’s happening is these bad-boy Android apps are pretending to be Google, Instagram, Snapchat, WhatsApp, X, and other cool online services. Their mission? To swipe your contacts, text messages, call logs, and of course, your passwords.
Now, the brainiacs at SonicWall’s Capture Labs team have been digging into this and they’ve got some good intel. But, they’re still scratching their heads about how these nasty apps are getting onto Android phones. They could be coming from phishing sites, dodgy emails or text messages, or even bundled with pirated software. Yikes!
While SonicWall is busy playing detective, here’s the lowdown on how this malware works and how to keep your Android phone safe from it.
Once the dodgy app (which is spreading this malware) is on your phone, it starts playing hide and seek. It uses icons from popular apps and online services to blend in.
When you open the app for the first time (which could easily happen by mistake because it’s pretending to be another app), it asks for two permissions: Android Accessibility Service and Device Admin Permission. If you give the app these permissions, it can then take over your phone and steal your data without you even knowing.

From Bogus Apps to Phony Login Pages

Image credit: SonicWall
So, here’s the lowdown according to a blog post from SonicWall. Once this sneaky app, which is spreading malware, gets installed on someone’s phone, it starts playing dress-up. It uses icons from popular apps and online services to blend in. Pretty crafty, right?
Now, imagine you open this app for the first time, which could totally happen by accident because it’s pretending to be another app. It asks for two permissions: Android Accessibility Service and Device Admin Permission. If someone unknowingly gives the app these permissions, it can then hijack their phone and swipe sensitive data without them even knowing. Scary stuff!
But it doesn’t stop there. This dodgy app then makes a call to a hacker-controlled command and control (C&C) server to get more instructions. For example, the app can be used to read messages, check out call logs, access notification data, send messages, and worst of all, open harmful websites in a victim’s browser for phishing.
Here’s how it works: this malicious app and the malware it carries trick victims by taking them to fake login pages for sites like Instagram, PayPal, Netflix, Microsoft, WordPress, LinkedIn, ProtonMail, Yahoo, and more. They’re then asked to enter their username and password, which are stored and sent back to the hackers running this campaign.
From there, they can take over their online accounts and commit fraud or even identity theft if they get enough sensitive, personal information. For example, if they snag someone’s Microsoft credentials and they use OneDrive to store copies of their driver’s license, passport, or even their Social Security number (a terrible idea, but some folks still do it), the hackers could stir up some serious chaos.

Staying Safe from Android Malware

Image credit: Freepik
So, we’re not exactly sure how this malware-loaded app is spreading, but I can definitely give you some tips on how to keep your Android phone safe from such threats.
Google’s been pretty good at keeping the Play Store clean, but you still gotta be careful when downloading new apps. Always check out an app’s ratings and reviews, and if you can, watch a video review online to get the full picture.
Now, here’s the thing about malicious apps — they’re often sideloaded onto a victim’s smartphone. And get this, it’s usually the victim themselves who does it, often tricked into it by some hacker or scammer. So, be super careful when someone tells you to install an app via a text message, email, or social media. If the app isn’t on a legit app store and needs to be downloaded as an APK file and then installed manually, that’s a huge red flag. Avoid it like the plague!
To stop malicious apps from getting onto your Android phone in the first place, make sure that Google Play Protect is switched on. This built-in security app checks all your existing apps and any new ones you download for malware. And if you want to go the extra mile, consider running one of the top Android antivirus apps alongside it.
We might not get more info about this particular campaign, but at least now you know that malicious apps can change their icons to blend in. They might pretend to be system apps like contacts or settings, or in this case, impersonate popular apps using their logos and names. And since tactics like this can be super effective, we probably haven’t seen the last of them.
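If you look after a few phones and have adb handy, you can check for the combo described above: an app that didn't come from a store and holds Accessibility Service or Device Admin rights. The script below is an added example, not from SonicWall or the original post; the sample output and package names are constructed, and the layout of the device admin section is an assumption because it varies between Android versions.

```python
import re

# Installer names treated as a legit store (assumption: Google Play only).
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_installers(pm_output):
    """Parse `adb shell pm list packages -3 -i` into {package: installer or None}."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def component_packages(text):
    """Pull package names out of component strings such as com.foo/.BarService."""
    return set(re.findall(r"([A-Za-z][\w.]*)/[\w.$]+", text))

def audit(pm_output, accessibility_output, admin_output):
    """Return third-party apps holding either permission that no store installed."""
    installers = parse_installers(pm_output)
    a11y = component_packages(accessibility_output)
    admins = component_packages(admin_output)
    findings = []
    # Only third-party packages are in `installers`, so system apps are skipped.
    for pkg in sorted((a11y | admins) & installers.keys()):
        if installers[pkg] in TRUSTED_INSTALLERS:
            continue
        findings.append({"package": pkg, "installer": installers[pkg],
                         "accessibility": pkg in a11y, "device_admin": pkg in admins})
    return findings

# Constructed sample output; every package name here is made up.
SAMPLE_PM = """\
package:com.example.notes  installer=com.android.vending
package:com.example.reader  installer=com.android.vending
package:com.example.socialapp  installer=null
package:com.example.torch  installer=com.google.android.packageinstaller
"""
# `adb shell settings get secure enabled_accessibility_services`
SAMPLE_A11Y = "com.example.reader/.ReadAloudService:com.example.socialapp/.HelperService"
# "Enabled Device Admins" section of `adb shell dumpsys device_policy` (assumed layout)
SAMPLE_ADMINS = """\
Enabled Device Admins (User 0, provisioningState: 0):
  com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver:
  com.example.socialapp/.AdminReceiver:
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_PM, SAMPLE_A11Y, SAMPLE_ADMINS):
        print(finding)
```

A hit isn't proof of malware (some legit apps are sideloaded on purpose), but it's the short list worth a closer look.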

Conclusion

Alright, here’s the lowdown. Android users are under attack from sneaky malware that’s pretending to be popular apps like Instagram and Snapchat to swipe your passwords. We’re not sure how it’s spreading, but it could be through phishing sites, dodgy emails, text messages, or even bundled with pirated software.
Once they’re on your phone, these nasty apps ask for permissions that let them take over your phone. They can read your messages, check out your notification data, send messages, and even open harmful websites in your browser. The worst part? They trick you into entering your login details on fake pages, which are then sent back to the hackers.
But don’t panic! You can stay safe by being careful when downloading new apps, especially those that need to be installed manually as APK files. Make sure Google Play Protect is switched on and consider using a top-notch antivirus app.
So, remember folks, the cyber world is full of sneaky tricks. Stay informed, stay vigilant, and most importantly, stay safe!