Three new malware families for the Android operating system racked up more than 300,000 downloads from the Google Play Store before being taken offline. The malware came disguised as messaging apps, cameras and QR code readers, categories in which requests for access look legitimate; that access was in fact used to steal user data and social network accounts.

The alert was published by the security company Zscaler and covers three threats, called Joker, Facestealer and Coper. The first seems to be the most popular, garnering hundreds of thousands of downloads, while the other two appear to still be in the early stages of dissemination.

Joker's goals are the improper subscription to premium services and the theft of credentials and access codes via SMS. According to experts, no fewer than 50 applications were registered by the crooks as a way to spread the malware, mostly communication tools, photography apps, cell phone personalization apps and health monitors.

None of them delivered what they promised, of course; they served as a gateway to the data-stealing malware and used the apps' promise of functionality to hide the different authorization requests. The software even encrypted its traces on the cell phone as a way of evading detection by security software. Check the list of malicious apps:

Simple Note Scanner – com.wuwan.pdfscan

Universal PDF Scanner – com.unpdf.scan.read.docscanuniver

Private Messenger – com.recollect.linkus

Premium SMS – com.premium.put.trustsms

Smart Messages – com.toukyoursms.timemessages

Text Emoji SMS – messenger.itext.emoji.mesenger

Blood Pressure Checker – com.bloodpressurechecker.tangjiang

Funny Keyboard – com.soundly.galaxykeyboard

Memory Silent Camera – com.silentmenory.timcamera

Custom Themed Keyboard – com.custom.keyboardthemes.galaxiy

Light Messages – com.lilysmspro.lighting

Themes Photo Keyboard – com.themes.bgphotokeyboard

Send SMS – exazth.message.send.text.sms

Themes Chat Messenger – com.relish.messengers

Instant Messenger – com.sbdlsms.crazymessager.mmsrec

Cool Keyboard – com.colate.gthemekeyboard

Fonts Emoji Keyboard – com.zemoji.fontskeyboard

Mini PDF Scanner – com.mnscan.minipdf

Smart SMS Messages – com.sms.mms.message.ffei.free

Creative Emoji Keyboard – com.whiteemojis.creativekeyboard.ledsloard

Fancy SMS – con.sms.fancy

Fonts Emoji Keyboard – com.symbol.fonts.emojikeyboards

Personal Message – com.crown.personalmessage

Funny Emoji Message – com.funie.messagremo

Magic Photo Editor – com.amagiczy.photo.editor

Professional Messages – com.adore.attached.message

All Photo Translator – myphotocom.allfasttranslate.transationtranslator

SMS Chat – com.maskteslary.messages

Smile Emoji – com.balapp.smilewall.emoji

Wow Translator – com.imgtop.camtranslator

All Language Translate – com.exclusivez.alltranslate

Cool Messages – com.learningz.app.cool.messages

Blood Pressure Diary – bloodhold.nypressure.mainheart.ratemy.mo.depulse.app.tracker.diary

Chat Text SMS – com.echatsms.messageos

Hi Text SMS – ismos.mmsyes.message.texthitext.bobpsms

Emoji Theme Keyboard – com.gobacktheme.lovelyemojikeyboard

iMessager – start.me.messager

Text SMS – com.ptx.textsms

Camera Translator – com.haixgoback.outsidetext.languagecameratransla

Come Messages – com.itextsms.messagecoming

Painting Photo Editor – com.painting.pointeditor.photo

Rich Theme Message – com.getmanytimes.richsmsthememessenge

Quick Talk Message – mesages.qtsms.messenger

Advanced SMS – com.fromamsms.atadvancedmmsopp

Professional Messenger – com.akl.smspro.messenger

Classic Game Messenger – com.classcolor.formessenger.sic

Style Message – com.istyle.messagesty

Private Game Messages – com.message.game.india

Timestamp Camera – allready.taken.photobeauty.camera.timestamp

Social Message – com.colorsocial.message

Facestealer, as the name implies, aims to steal Facebook logins and passwords. It was hidden in an app called Vanilla Snap Camera, which collected 5,000 downloads and, instead of enhancing the photos on the cell phone, displayed a fake screen for entering an email and password in the name of the social network, with the data being sent to servers under the control of criminals.

Malware hidden as a camera app created fake Facebook login screens with the aim of stealing credentials (Image: Reproduction/Zscaler)

A code analysis also showed that the malware has the ability to do the same for other services and social networks, even though the Meta platform is the only target at this early stage. The same is also true of Coper, which opens the door to new malware through overlay screens that demand the installation of fake updates for applications and the operating system itself; it had accumulated more than 1,000 downloads at the time it was discovered.

Coper is yet another virus that abuses Android’s accessibility services to insert fake screens into apps and capture user information (Image: Reproduction/Zscaler)

The malware is also capable of reading and intercepting SMS messages, recording typed text and capturing screen images, with all the information being sent to servers controlled by the crooks. As is usually the case, the abuse here is carried out through Android accessibility services, a common route for cybercriminals because it enables several kinds of attack without requiring multiple authorizations, which could arouse distrust.

How to avoid scams with Android apps?

Google has been informed about the presence of the malicious apps in the official Android store and they have all been taken down. However, this does not free users who have already installed them from danger; they need to take steps to get rid of the infection and clean the device using security software, in addition to changing passwords and carrying out other checks for any malicious use.

The main recommendation is to pay attention when downloading apps on the Android operating system. Although the use of Google Play is recommended, it is not by itself a guarantee of security; users should pay attention to developers and user-written reviews, and avoid applications that have few downloads or come from unrecognized publishers.

Keeping your operating system up to date and security software running also helps you avoid the most common threats. When downloading apps, be aware of the permissions requested and assess whether the software actually needs such access to work; if in doubt, deny the access and uninstall the app immediately.
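
The permission check recommended above, and the accessibility-service abuse described for Coper, can be audited from a computer with `adb`. The following is an added example, not code from the article or from Zscaler: it parses the output of `adb shell dumpsys package <pkg>` and `adb shell settings get secure enabled_accessibility_services`, and the function names, the risk notes and the sample app `com.example.snapcamera` are assumptions made for illustration.

```python
import re

# Permissions matching behaviour described above; the notes are this example's own.
RISKY = {
    "android.permission.READ_SMS": "reads SMS",
    "android.permission.RECEIVE_SMS": "intercepts incoming SMS",
    "android.permission.SEND_SMS": "sends SMS",
    "android.permission.SYSTEM_ALERT_WINDOW": "draws over other apps",
    "android.permission.REQUEST_INSTALL_PACKAGES": "installs other APKs",
}
PERM_LINE = re.compile(r"^\s+([A-Za-z0-9_]+(?:\.[A-Za-z0-9_]+)+)(?::.*)?$")

def requested_permissions(dumpsys_text):
    """Permissions listed under 'requested permissions:' in `dumpsys package <pkg>`."""
    perms, inside = [], False
    for line in dumpsys_text.splitlines():
        if line.strip() == "requested permissions:":
            inside = True
        elif inside:
            m = PERM_LINE.match(line)
            if not m:
                break  # next section header ends the block
            perms.append(m.group(1))
    return perms

def accessibility_packages(setting_value):
    """Packages named in `settings get secure enabled_accessibility_services`."""
    parts = setting_value.strip().split(":")  # colon-separated package/service
    return {p.split("/", 1)[0] for p in parts if p and p != "null"}

def review(pkg, dumpsys_text, a11y_setting, trusted_a11y=frozenset()):
    """Return the reasons this package deserves a closer look."""
    findings = [RISKY[p] for p in requested_permissions(dumpsys_text) if p in RISKY]
    if pkg in accessibility_packages(a11y_setting) and pkg not in trusted_a11y:
        findings.append("accessibility service enabled")
    return findings

# Constructed sample for a hypothetical camera app (not a real package).
SAMPLE_DUMPSYS = """\
Package [com.example.snapcamera] (1a2b3c):
    requested permissions:
      android.permission.CAMERA
      android.permission.RECEIVE_SMS
      android.permission.SYSTEM_ALERT_WINDOW
    install permissions:
"""
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.snapcamera/.HelperService")
TRUSTED = {"com.google.android.marvin.talkback"}
print(review("com.example.snapcamera", SAMPLE_DUMPSYS, SAMPLE_A11Y, TRUSTED))
```

A camera app that comes back with SMS, overlay and accessibility findings is the mismatch between stated purpose and requested access that the advice above asks users to look for.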

