How to avoid malware on android


Malware is no fun (some would say it bytes, if they were very funny). If installed on your Android device, malware can steal data, mess with functionality, and, on top of it all, trick your phone into installing more malware. Nobody intentionally downloads malware onto their phone, but it can be trickier than you think to spot it in the wild. Luckily, there are resources to help.

Joker malware is a problem

One of the biggest malware issues facing Android is Joker, the nickname for a bit of malicious code hackers love to attach to innocuous-looking apps in the Play Store. These apps will ask for permissions to access far more of your data than they should, but they won’t actually take advantage of those permissions right away. Instead, they’ll lie in wait for some time before installing Joker malware onto your device. This is called a “dropper” attack.

Once Joker is installed on your device, it can quietly sign you up for premium subscription services (which you won’t even realise unless you check your credit card statement) and/or send data from your device back to the hackers; contact information, text messages, and other important and sensitive information is all fair game in this scenario.

How to spot a potential Joker app

Fortunately, you don’t have to blindly hope the next app you download is safe and Joker-free. Instead, just follow Tatyana Shishkova on Twitter. Shishkova (@sh1shk0va) is an Android malware analyst for cybersecurity company Kaspersky. Shishkova’s Twitter feed is largely devoted to exposing active apps on the Play Store that secretly carry Joker malware.

As of this writing, Shishkova’s latest exposure is an app called “Volume booster Hearing Aid.” Aside from the odd capitalisation of its name, the app seemed pretty standard for a random third-party app. Shishkova, however, identified it as an Android trojan for Joker, leading to its removal from the Play Store.

It appears that every app Shishkova has highlighted on Twitter in the past has been removed from the Play Store, which means you’d do well to keep tabs on her feed. And while the apps’ removal is good news, they can still wreak havoc on devices that installed them, so it’s worth scanning her feed to check if any of your apps match ones she’s identified in the past.

Be cautious when downloading strange apps

This is certainly not the first time we’ve warned you about apps carrying Joker malware, and we doubt it’ll be the last. Joker is really good at skirting Google’s watch, so hackers often manage to sneak apps containing it onto the Play Store. Be vigilant: Before you download an app, make sure to vet it. How are the reviews? Does the app seem to serve a specific purpose? Do the description or images seem legitimate or fishy? Do the requested permissions make sense for its functionality? Asking yourself these questions before installation can save you a lot of headaches down the road.

‘Banking’ Trojan Malware Hits Over 300,000 Android Users | List of Apps to Avoid on Google Play App Store

Android smartphone users are the latest victims of four banking trojans that evade the Google Play Store’s detection methods. It turned out that the victims had downloaded malicious apps posing as QR code scanners, crypto apps, and more.

The cybersecurity experts found that these applications offer genuinely working functionality in order to avoid raising suspicion about the danger they pose to Android devices.

Android Users Beware of Banking Trojan Malware


According to a report by ZDNet on Tuesday, Nov. 30, ThreatFabric analysts detected four kinds of malware that were recently downloaded onto Android devices. The experts wrote that the most notorious of them is Anatsa, a banking trojan that can steal users’ credentials and other details such as passwords and email addresses.

This malware uses a keylogger to record what is typed on the device. Moreover, it is mostly found in certain kinds of applications, such as PDF scanners and QR code readers. At the time of the report, more than 200,000 users had been affected by this attack.

Another malware that ThreatFabric spotted was the Android banking trojan called Alien, which can bypass two-factor authentication protections. The report mentioned that there were already 95,000 downloads in the Google Play Store connected to this malware.

If you happen to stumble on a fitness app on the platform, you might want to check it a second time. Alien malware takes full control of such apps using a deceptive website that mimics a real one.

Over the recent months, Hydra and Ermac, the two other banking Trojan malware, recorded at least 15,000 installations. ThreatFabric found out that the two malicious software are connected to the banking malware group Brunhilda.

The team discovered that these apps are either currently undergoing thorough review or are removed right away upon inspection. Still, the cybercriminals could launch another series of attacks on mobile users, so always check that an app you are about to download is safe and free of malware.

In an interview with ZDNet, ThreatFabric mobile malware specialist Dario Durando said that he is seeing the evolution of Android banking malware. Moreover, this could push the hackers to move to the mobile platform to infect unaware Android users.

The tricky part here is you cannot easily identify that the app is malicious in the first place, according to the researchers.

“A good rule of thumb is to always check updates and always be very careful before granting accessibility services privileges – which will be requested by the malicious payload, after the ‘update’ installation – and be wary of applications that ask to install additional software,” Durando said.

List of Malicious Apps to Avoid on Google Play Store

The experts warned Android users that the following apps could steal confidential information such as bank account details and even capture screenshots. They could also gain access to 2FA codes and keystrokes. All of this is possible using an Automatic Transfer System (ATS) tool.

For instance, users who downloaded a QR code scanner could receive phishing links or even suspicious ads. Cybersecurity analysts said that these apps should be avoided at all costs.

The Hacker News listed the applications on the Google Play Store that you should not click, download, or install:

  • PDF Document Scanner – Scan to PDF (com.xaviermuches.docscannerpro2)
  • PDF Document Scanner Free (
  • Gym and Fitness Trainer (com.gym.trainer.jeux)
  • Two Factor Authenticator (com.flowdivison)
  • Protection Guard (
  • QR CreatorScanner (com.ready.qrscanner.mix)
  • Master Scanner Live (com.multifuction.combine.qr)
  • QR Scanner 2021 (com.qr.code.generate)
  • QR Scanner (com.qr.barqr.scangen)

In another report by Tech Times, authorities remain on the hunt for a Russian REvil hacker who has been living lavishly in a Siberian hideout; FBI officials are still chasing the criminal, who remains at large.

This article is owned by Tech Times

Written by Joseph Henry

Advanced protection against malware, ransomware, and other growing threats to Android devices.


Phenomenal cosmic protection. Itty bitty memory space.

The folks you trust to safeguard your computer now offer powerful protection you can put in your pocket. Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth. A privacy audit tells you which apps are monitoring your every move. All that protection in a lean package.

Detects ransomware before it can lock your device

Real-time protection shields your device from infection. With mobile malware threats on the rise, advanced technologies deal with dangerous newcomers like ransomware before they can become a problem.


We propose our new Android malware dataset here, named CICAndMal2017. In this approach, we run both our malware and benign applications on real smartphones to avoid the runtime behavior modification of advanced malware samples that are able to detect an emulator environment. We collected more than 10,854 samples (4,354 malware and 6,500 benign) from several sources. We collected over six thousand benign apps from the Google Play market published in 2015, 2016 and 2017.

We installed 5,000 of the collected samples (426 malware and 5,065 benign) on real devices. Our malware samples in the CICAndMal2017 dataset are classified into four categories:

  • Adware
  • Ransomware
  • Scareware
  • SMS Malware

Our samples come from 42 unique malware families. The families in each category and the numbers of captured samples are as follows:

Adware

  • Dowgin family, 10 captured samples
  • Ewind family, 10 captured samples
  • Feiwo family, 15 captured samples
  • Gooligan family, 14 captured samples
  • Kemoge family, 11 captured samples
  • koodous family, 10 captured samples
  • Mobidash family, 10 captured samples
  • Selfmite family, 4 captured samples
  • Shuanet family, 10 captured samples
  • Youmi family, 10 captured samples

Ransomware

  • Charger family, 10 captured samples
  • Jisut family, 10 captured samples
  • Koler family, 10 captured samples
  • LockerPin family, 10 captured samples
  • Simplocker family, 10 captured samples
  • Pletor family, 10 captured samples
  • PornDroid family, 10 captured samples
  • RansomBO family, 10 captured samples
  • Svpeng family, 11 captured samples
  • WannaLocker family, 10 captured samples

Scareware

  • AndroidDefender family, 17 captured samples
  • AndroidSpy.277 family, 6 captured samples
  • AV for Android family, 10 captured samples
  • AVpass family, 10 captured samples
  • FakeApp family, 10 captured samples
  • FakeApp.AL family, 11 captured samples
  • FakeAV family, 10 captured samples
  • FakeJobOffer family, 9 captured samples
  • FakeTaoBao family, 9 captured samples
  • Penetho family, 10 captured samples
  • VirusShield family, 10 captured samples

SMS Malware

  • BeanBot family, 9 captured samples
  • Biige family, 11 captured samples
  • FakeInst family, 10 captured samples
  • FakeMart family, 10 captured samples
  • FakeNotify family, 10 captured samples
  • Jifake family, 10 captured samples
  • Mazarbot family, 9 captured samples
  • Nandrobox family, 11 captured samples
  • Plankton family, 10 captured samples
  • SMSsniffer family, 9 captured samples
  • Zsone family, 10 captured samples

In order to acquire a comprehensive view of our malware samples, we created a specific scenario for each malware category. We also defined three states of data capturing in order to overcome the stealthiness of advanced malware:

  1. Installation: the first state of data capturing, which occurs immediately after installing the malware (1-3 min).
  2. Before restart: the second state of data capturing, which occurs 15 min before rebooting the phones.
  3. After restart: the last state of data capturing, which occurs 15 min after rebooting the phones.

For feature extraction and selection, we captured network traffic (.pcap files) and extracted more than 80 features using CICFlowMeter-V3 during all three states mentioned above (installation, before restart, and after restart). See our publicly available Android Sandbox.


The CICAndMal2017 dataset is publicly available for researchers. If you are using our dataset, you should cite our related research paper, which outlines the details of the dataset and its underlying principles:


The BRATA Android remote access trojan (RAT) has been spotted in Italy, with threat actors calling victims of SMS attacks to steal their online banking credentials.

The variant currently in circulation is new, and according to a report by researchers at Cleafy, it can pass undetected by the vast majority of AV scanners.

BRATA was previously seen in Brazil, delivered via apps on the Google Play Store, but it appears that its authors are now selling it to foreign operators, which is not unusual in this field.

Using fake anti-spam apps

The Italian campaign was first spotted in June 2021, delivering multiple Android apps through SMS phishing, otherwise known as smishing.

Most of the malicious apps were called “Sicurezza Dispositivo” (Device Security) and were promoted as anti-spam tools.

That first wave was only partly successful at evading antivirus detection: on VirusTotal it had a 50% stealthiness rate, meaning about half of the engines flagged it. These detection rates led to a second wave in mid-October, using a new variant with extremely low detection rates.

In the second wave, the actors also expanded their targeting scope, raising the number of targeted financial institutions from one to three.


AntiSPAM app promoted by the threat actors
Source: Cleafy

Manual labor required

The attack begins with an unsolicited SMS text linking to a malicious website. This text claims to be a message from the bank urging the recipient to download an anti-spam app.

The link leads either to a page where the victim downloads the BRATA malware themselves, or to a phishing page where they are asked to enter their banking credentials.

During that step, the threat actors call the victim on the phone and pretend to be an employee of the bank, offering help with installing the app.


BRATA campaign in Italy
Source: Cleafy

The app requires multiple permissions that let the actor take full control of the compromised device, including the Accessibility Service, viewing and sending SMS, making phone calls, and screen recording.

The full list of BRATA’s capabilities includes:

  • Intercept SMS messages and forward them to a C2 server. This feature is used to obtain the 2FA codes the bank sends via SMS during login or to confirm money transfers.
  • Screen recording and casting capabilities that allow the malware to capture any sensitive information displayed on the screen. This includes audio, passwords, payment information, photos, and messages. Through the Accessibility Service, the malware clicks the “start now” button of the permission popup automatically, so the victim is not able to deny the recording/casting of their own device.
  • Remove itself from the compromised device to reduce detection.
  • Uninstall specific applications (e.g., antivirus).
  • Hide its own app icon so that it is harder for non-expert users to find.
  • Disable Google Play Protect to avoid being flagged by Google as a suspicious app.
  • Modify the device settings to obtain more privileges.
  • Unlock the device if it is locked with a secret PIN or pattern.
  • Display the phishing page.
  • Abuse the Accessibility Service to read everything shown on the screen of the infected device or to simulate clicks (taps) on the screen. This information is then sent to the attackers’ C2 server.


Permissions requested by the BRATA app
Source: Cleafy

The actors abuse these permissions to access the victim’s bank account, retrieve the 2FA code, and eventually perform fraudulent transactions.

The mule accounts used as intermediary points in this campaign are based in Italy, Lithuania, and the Netherlands.

Stay safe

As this is a mobile campaign, desktop users are excluded from infections to narrow the targeting scope to prospective victims.

If you try to open the link contained in the SMS on a PC or laptop, the website won’t be viewable. That’s a simple checking method to confirm the validity of incoming messages.

Secondly, no bank ever suggests installing any app other than the official e-banking app, which is found on the Play Store/App Store and linked to from the bank’s official website.

Finally, whenever you install an app, pay attention to the type of permissions requested and consider their relevance to the app’s functionality. Do not install an app that requests permissions unrelated to what it is supposed to do.

Researchers from mobile security company Pradeo have revealed that the Color Message app infected with Joker malware has been downloaded more than 500,000 times by Android users before it was removed from the Google Play Store.

For those unaware, Color Message was advertised as an app that allowed users to personalise their default SMS messages.

The analysis of the Color Message application done by the researchers through the Pradeo Security engine showed that the app accessed users’ contact list and exfiltrated it over the network to Russian servers.

Joker is considered a “fleeceware” form of malware, as its main activity is to simulate clicks to generate revenue from malicious ads, intercept SMS to subscribe users to unwanted paid premium services without their knowledge, and commit billing fraud.

By using as little code as possible and thoroughly hiding it, Joker generated a very discreet footprint that was tricky to detect for Google Play’s app protections. To make it difficult to be removed, the application even had the capability to hide its icon once installed.

The application’s very concise terms and conditions are hosted on an unbranded one-page blog and do not disclose the extent of the actions the app performs on users’ devices.

“One of the victims has even tried reaching out to the application’s developer through the comment section of the legal page, other users are directly complaining about the fraud in the comment section of the app on the store,” the researchers wrote in the blog post citing users’ comments that it is a scam app.

Users who have downloaded the Color Message app from the Google Play Store are advised to immediately delete it from their device to avoid fraudulent activities.

Apparently, the Joker malware has been hiding in hundreds of apps in the last two years. However, this is the first time it has been detected in the Play Store.

The dropper apps disguised themselves as PDF and QR code scanners, as well as fitness apps.


Trojan dropper apps have flown under the radar on Google Play in recent months, netting over 300,000 downloads and stealthily installing malware that scoops up people’s banking details.

As mobile security firm ThreatFabric reveals, “in the span of only four months, four large Android families [Anatsa, Alien, Hydra, and Ermac] were spread via Google Play, resulting in 300,000+ infections via multiple dropper apps.”

The dropper apps disguised themselves as simple utilities, such as PDF and QR code scanners, as well as fitness apps. The Android apps looked legitimate, with many installations and positive reviews, and worked as promised, giving users little reason to suspect something was amiss.

Part of the trick here is that the apps don’t appear to have any malicious code at first. But, as ThreatFabric found, the apps “modified their behavior in later versions, adding the dropping functionality, and a wider set of permissions required.” At this point, users may trust the app and believe the update is necessary to continue using it. In the case of one fitness app, the app disguises the malicious download as a package of extra workouts the user could install.

The apps further avoid detection by being selective about which devices and regions they’ll attack and when. This can ensure the dropper app doesn’t attempt to install the malware while the app is undergoing its initial evaluation process for Google Play, and it can avoid installation in testing environments and emulators where it might be detected.
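The vetting advice in this page boils down to one check: do the permissions an app (or its update) asks for fit what it claims to do? The following Python script, an added example that is not ThreatFabric's or any article's code, parses two versions of an app's AndroidManifest.xml, reports the permissions the update added, and flags the combination the banker droppers and BRATA use (SMS access, an accessibility service, the right to install further packages, screen overlays). The two manifests, the package name com.example.qrscan and the risk table are constructed for illustration.

```python
"""Diff the permissions declared by two versions of an app's AndroidManifest.xml
and flag the risky additions this page describes (SMS access, accessibility
service, sideload rights, overlays, call control, audio capture).

Added example; the manifests below are constructed, not from any real app."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"          # android:name as ElementTree sees it
PERM_ATTR = f"{{{ANDROID_NS}}}permission"    # android:permission

# Permissions that, in combination, form the banker/dropper pattern.
RISKY = {
    "android.permission.RECEIVE_SMS": "intercept incoming SMS (2FA codes)",
    "android.permission.READ_SMS": "read stored SMS",
    "android.permission.SEND_SMS": "send SMS (premium subscriptions, spreading)",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install further packages (dropper)",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw overlays (phishing pages)",
    "android.permission.CALL_PHONE": "place phone calls",
    "android.permission.RECORD_AUDIO": "record audio",
}
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"

def declared_permissions(manifest_xml: str) -> set[str]:
    """Return every permission the app requests, plus ACCESSIBILITY if it
    declares an accessibility service (screen reading and tapping)."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(NAME_ATTR) for e in root.iter("uses-permission")}
    # An accessibility service is not a <uses-permission>; it is a <service>
    # guarded by BIND_ACCESSIBILITY_SERVICE, so look for that separately.
    for svc in root.iter("service"):
        if svc.get(PERM_ATTR) == ACCESSIBILITY:
            perms.add(ACCESSIBILITY)
    perms.discard(None)
    return perms

def update_report(old_xml: str, new_xml: str) -> dict:
    """Compare two manifest versions and explain each risky new permission."""
    old, new = declared_permissions(old_xml), declared_permissions(new_xml)
    added = new - old
    risky_added = sorted(p for p in added if p in RISKY or p == ACCESSIBILITY)
    return {
        "added": sorted(added),
        "risky_added": risky_added,
        "reasons": {p: RISKY.get(p, "full screen control via accessibility")
                    for p in risky_added},
        # The combination described on this page: SMS + accessibility + install.
        "banker_dropper_pattern": (
            ACCESSIBILITY in new
            and bool(new & {"android.permission.RECEIVE_SMS",
                            "android.permission.READ_SMS"})
            and "android.permission.REQUEST_INSTALL_PACKAGES" in new
        ),
    }

# Constructed manifests for a hypothetical "QR scanner" app, before and after
# an update that adds the dropping functionality.
MANIFEST_V1 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.qrscan">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><activity android:name=".MainActivity"/></application>
</manifest>"""

MANIFEST_V2 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.qrscan">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <activity android:name=".MainActivity"/>
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    report = update_report(MANIFEST_V1, MANIFEST_V2)
    for perm in report["risky_added"]:
        print(f"NEW RISKY PERMISSION: {perm} -> {report['reasons'][perm]}")
    print("banker/dropper pattern:", report["banker_dropper_pattern"])
```

On a real APK the manifest is binary XML, so run the script on the output of a decoder such as apktool rather than on the raw file.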

Once on the device, the malware can skim bank details through keystroke logging, take screenshots, and request access to the Accessibility Service so the malware “has full control over the device and can perform actions on the victim’s behalf,” ThreatFabric explains.

Recently, cybersecurity experts from Cleafy reported a spike in Android remote access trojan (RAT) infections over the past year. This dangerous malware campaign has been spreading to a number of regions. The malware is called BRATA and was first discovered in Brazil, but it has now appeared in Italy as well. Hackers use it to steal banking details from Android users and then withdraw money from those accounts.

What makes this malware more dangerous is that BRATA is difficult to detect.

This is how BRATA works. First, users receive an SMS text message containing a link to a website; the text appears to come from their bank (this technique is known as smishing, phishing via SMS). Once users click the link, they land on a site that prompts them to download an anti-spam app. To make it more convincing, the site also says that a bank employee will contact them soon to discuss the details of the app.

On the opened webpage, the victim is also asked to fill in fields with their bank information, supposedly to prove they have an account. Then a real person attempts to talk them into downloading the malicious app, using various social engineering techniques. Those who fall for this install the app, which the hackers then use to control the phone.

And a bunch of bank-account-raiding trojans also identified

FluBot, a family of Android malware, is circulating again via SMS messaging, according to authorities in Finland.

The Nordic country’s National Cyber Security Centre (NCSC-FI) recently warned that scam messages written in Finnish are being sent in the hope that recipients will click the included link to a website that requests permission to install a malicious application.

“The messages are written in Finnish,” the NCSC-FI explained. “They are written without Scandinavian letters (å, ä and ö) and include, for example, the characters +, /, &, % and @ in illogical places in the text to make it more difficult for telecommunications operators to filter the messages. The theme of the text may be that the recipient has received a voicemail message or a message from their mobile operator.”

NCSC-FI said it detected about 70,000 of these messages over a 24-hour period and has confirmed dozens of infections arising from the malware. The agency’s advice is, unsurprisingly, to not authorize the installation of the malicious Android app.
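The traits in the NCSC-FI description (Finnish text with no å/ä/ö, symbols such as + / & % @ wedged into words to beat operator filtering, a voicemail or operator theme, a link to follow) can be turned into a simple triage heuristic. The following Python is an added example, not part of the alert or this article; the sample messages and the defanged hxxp://example.invalid link are constructed.

```python
"""Heuristic triage for FluBot-style smishing texts, built on the traits the
NCSC-FI alert describes: Finnish written without å/ä/ö, symbols such as
+ / & % @ wedged into words to defeat operator filtering, a voicemail,
operator or delivery theme, and a link the recipient is urged to open.

Added example; the sample messages below are constructed, not real lures."""
import re

# Links, including defanged hxxp:// ones and bare "domain.tld/..." forms.
URL_RE = re.compile(r"(?:https?|hxxps?)://\S+|\b[\w-]+\.[a-z]{2,}/\S*", re.I)
LETTER = r"[^\W\d_]"                      # any Unicode letter
# A filler symbol wedged between two letters, e.g. "aa+niviesti".
FILLER_IN_WORD_RE = re.compile(LETTER + r"[+/&%@]" + LETTER)
# The same filler, matched with lookarounds so it can be deleted cleanly.
FILLER_STRIP_RE = re.compile(r"(?<=" + LETTER + r")[+/&%@](?=" + LETTER + r")")
SCANDI_RE = re.compile(r"[åäöÅÄÖ]")
LETTERS_RE = re.compile(LETTER)

THEME_WORDS = (
    "aaniviesti", "ääniviesti", "voicemail",        # voicemail theme
    "operaattori", "operator",                      # mobile operator theme
    "paketti", "toimitus", "parcel", "delivery",    # package delivery theme
)

def score_sms(text: str) -> dict:
    """Score one message; higher means more FluBot-like. The individual
    signals are returned too, so an analyst can see why it scored."""
    has_link = bool(URL_RE.search(text))
    body = URL_RE.sub(" ", text)          # judge the wording, not the URL
    # Remove fillers before theme matching so "aa+ni/viesti" still matches.
    cleaned = FILLER_STRIP_RE.sub("", body).lower()
    letters = len(LETTERS_RE.findall(body))
    signals = {
        "filler_in_words": len(FILLER_IN_WORD_RE.findall(body)),
        "has_link": has_link,
        # Only meaningful for a Finnish text of some length; a short
        # message in any language may lack å/ä/ö for honest reasons.
        "no_scandinavian_letters": letters >= 20 and not SCANDI_RE.search(body),
        "lure_theme": any(w in cleaned for w in THEME_WORDS),
    }
    score = (
        min(signals["filler_in_words"], 4)            # up to 4 points
        + 2 * signals["has_link"]
        + 1 * signals["no_scandinavian_letters"]
        + 2 * signals["lure_theme"]
    )
    return {"score": score, "suspicious": score >= 5, **signals}

def triage(messages):
    """Return the messages that score as suspicious, highest score first."""
    scored = [(score_sms(m), m) for m in messages]
    scored.sort(key=lambda pair: -pair[0]["score"])
    return [m for s, m in scored if s["suspicious"]]

# Constructed samples: an obfuscated voicemail lure, an ordinary Finnish
# text, and a benign English delivery notice with no link.
SAMPLE_MESSAGES = [
    "Sinulle on uusi aa+ni/viesti. Kuun&tele se tas%ta: hxxp://example.invalid/8821",
    "Hei! Tänään klo 18 kokous toimistolla, nähdään siellä. Terveisin Matti",
    "Your parcel is out for delivery today, no action needed.",
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(score_sms(msg)["score"], msg)
    print("flagged:", triage(SAMPLE_MESSAGES))
```

The weights are illustrative; the point is that the filler-character signal alone is weak (URLs and emoticons contain such symbols), so it is combined with the link and lure theme before a message is flagged.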

Those infected are advised to perform a factory reset on their Android device to remove the malware. If iOS users receive FluBot messages and click on the included link, they can expect to be redirected to fraud and phishing sites instead of being prompted to install an app.

Once successfully installed on a device, FluBot can access the contacts list, spam out texts to other users, read messages, steal credit card details and passwords as they are typed into apps, install other applications, and carry out other crooked activity.

FluBot was previously active in Finland in June 2021 and was the subject of an alert at the time.


But FluBot’s reach extends beyond a single country. In August, the malware was vexing Android users in Australia. In October, authorities in New Zealand warned of a FluBot surge.

“FluBot attempts to steal your banking and credit card information as well your contact list, which it uploads to a server to continue spreading itself,” said CERT NZ. “Once a device has been infected with FluBot it can result in significant financial loss.”

The malware family has also been showing up on various websites, where anyone might encounter the malicious code. Internet services firm Netcraft on Monday said it has identified almost 10,000 websites distributing FluBot malware.

“[T]hese sites are unwittingly hosting a PHP script that acts as a proxy to a further backend server, allowing otherwise legitimate sites to deliver Android malware to victims,” the company said. “When visited by the intended victim, a ‘lure’ is displayed that implores them to download and install the FluBot malware.”

Among these enticements is the offer of an Android security update to protect against FluBot that is actually – wait for it – just FluBot. Other common lure themes include package delivery notifications and voicemail messages.

Netcraft said the websites distributing FluBot also host legitimate content, leading the company to believe that the website operators are unaware their sites have been subverted. The company speculates that the malware operators are exploiting known vulnerabilities in WordPress to infect websites, because the identified sites are all self-hosted WordPress instances.

Speaking of Android. ThreatFabric said this month it has identified a bunch of malicious apps, installed 300,000-plus times, available in the Google Play store that can steal people’s online banking credentials. Typically, the app will look legit, then require an update that brings in malicious code. ThreatFabric has listed the names of the applications and other indicators of infection.


Malwarebytes for Android

Remove infections from your device

Run scans at any time

Conduct privacy audits for all apps

Premium (Free for the first 30 days)

Protect yourself from online threats like malware, ransomware, and scams

Detects phishing URLs when using the Chrome browser

Malwarebytes for iOS

Block ads and ad trackers on Safari

Forward fraudulent texts to a junk tab

Premium (Free for the first 30 days)

Protect yourself from malicious sites and online scams

Block calls from known and suspected scammers

Available in the US, Canada, and more.

How can I purchase Malwarebytes for iOS?

Malwarebytes for iOS is only available on the App Store. After you download the app, upgrade to Premium to activate features like Call Protection and Web Protection. Your first 30 days of Premium are free. After that, Apple will charge you $1.49 per month, or $11.99 per year, depending on your preference.

Please note that due to Apple’s restrictions, Malwarebytes for iOS cannot be purchased as part of a bundle, on the Malwarebytes site, or through an affiliate. If you have an unused product license from a bundled purchase that you’d like to use on Malwarebytes for iOS, please contact support to learn about your options.

Malwarebytes for iOS is now available in:

  • Anguilla
  • Antigua and Barbuda
  • Bahamas
  • Barbados
  • Bermuda
  • British Virgin Islands
  • Canada
  • Cayman Islands
  • Dominica
  • Dominican Republic
  • Grenada
  • Jamaica
  • Montserrat
  • St. Kitts and Nevis
  • Saint Lucia
  • St. Vincent and the Grenadines
  • Trinidad and Tobago
  • Turks and Caicos
  • United States

Malwarebytes Privacy VPN

A next-generation VPN to protect your privacy online. Secure your WiFi connection with supercharged fast speeds.

RedDrop malware steals data from the device, including live recordings of calls and surroundings, as well as files, photos, messages, contacts and more – all while charging the user.

Danny Palmer is a senior reporter at ZDNet. Based in London, he writes about issues including cybersecurity, hacking and malware threats.

A newly uncovered form of Android malware secretly steals sensitive data from infected devices – including full audio recordings of phone calls – and stores it in cloud storage accounts.

An invasive form of spyware, RedDrop harvests information from the device, including live recordings of its surroundings, user data including files, photos, contacts, notes, device data and information about saved Wi-Fi networks and nearby hotspots.

Described by the researchers at security company Wandera who uncovered it as “one of the most sophisticated pieces of Android malware”, RedDrop is notable on two counts: those behind it use a wide variety of lures to infect victims, and they have gone out of their way to ensure that users are completely unaware their phone is infected.

That is at least until they receive a high phone bill, due to the malware secretly sending SMS messages to a premium rate service in addition to its spyware activities. In one example studied, a message was sent to a premium rate service every time the victim interacted with the malicious app, while all evidence of messages being sent is hidden from the user.

A total of 53 apps are used to distribute the malware, with malicious lures disguised as a range of tools including calculators, image editors, language learning aids, adult content and more.

The first time the malware was seen, it was being distributed via a Chinese language adult content app called CuteActress, but others target those speaking English and other languages. “This is very much a global operation,” Joel Windels,VP at Wandera told ZDNet.

A selection of other apps known to be distributing RedDrop includes ‘Space Game Free’, ‘Video Blocker’, ‘Cosmos FM’, ‘Plus Italy’, ‘Paint It’, ‘Hot Tone’ and ‘Ninja Slice’. None of the apps come from the official Google Play Store; all are distributed through third-party outlets.

Rather than sending the user to the malicious download in one step, the attackers use an intricate network of over 3,000 domains that link back and forth to one another. The redirection chain is an obfuscation layer: it frustrates URL-based detection and increases the chance that the malware ends up installed on the device.

The initial download is merely a dropper which, when opened and run, connects to a command and control server to download additional components. The benefit for the attackers is that the app looks clean at install time, so it passes inspection and only afterwards fetches the malicious payloads.

In this instance, the additional downloads provide three key functions: spyware that harvests data and records the device’s surroundings, an exfiltration component that uploads the stolen information to Dropbox or Google Drive accounts, and SMS fraud.

The extent of the data theft is such that, during testing, a call the researchers made to a network provider was recorded live and uploaded to the cloud storage folder controlled by the malware’s operators.

Wandera describes the main purpose of RedDrop as to “ruthlessly extract data from the victim” with up to eight different files downloaded in tandem to secretly steal data and send premium text messages. The combination of actions could be extremely destructive, both to the user’s privacy and their bank balance.

“This multifaceted hybrid attack is entirely unique. The malicious actor cleverly uses a seemingly helpful app to front an incredibly complex operation with malicious intent. This is one of the more persistent malware variants we’ve seen recently,” said Dr Michael Covington, VP of Product Strategy at Wandera.

It’s currently unknown who exactly the attack group behind RedDrop is, but their interest in stealing data and recording audio from devices suggests they have an interest in espionage, with enough manpower to develop a wide variety of applications and maintain sophisticated malware.

“The group responsible for RedDrop have invested a lot of resource in creating this malware and therefore would require a significant payoff to make it worthwhile,” said Windels.

“It is difficult to estimate the prevalence of this threat, but it is highly likely that RedDrop resides on a handful of devices at most large organizations,” he added.

We highlight current cyber security threats in New Zealand, and provide guidance on what to do if they affect you.

2:00pm, 4 October 2021

TLP Rating: White

FluBot malware infecting Android phones

Updated 2.00pm on 4 October:

FluBot malware is being spread through text messages on Android phones and is currently affecting New Zealanders. There are a number of different message varieties, including:

  • You have a parcel delivery that is pending
  • Someone is attempting to share an album of photos with you
  • You have received a voicemail

If you have received one of these texts, it does not mean your device has installed the malware. Do not click the link: it will direct you to a page with instructions related to the message you received, or to a page that looks like a security warning that you have FluBot installed.

Visiting these pages does not by itself infect you with FluBot, but do not follow any instructions on them, as installing what they offer will infect your phone.

FluBot attempts to steal your banking and credit card information as well your contact list, which it uploads to a server to continue spreading itself. Once a device has been infected with FluBot it can result in significant financial loss.

Given that the wording of these texts has changed within a short timeframe, it is likely the wording will change again. Be wary of any suspicious text messages you receive, asking you to click on a link, and forward any new suspicious texts to 7726.


A recent report from cybersecurity firm ThreatFabric reveals that over 300,000 Android users installed trojan apps that secretly stole their banking information. While the apps have been removed and deactivated by Google, the developers used unique methods to deploy the malware that all Android users need to be wary of.

Hackers used multiple types of malware

ThreatFabric’s report only mentions a few of the malicious apps, but they include QR scanners, PDF scanners, fitness trackers, and crypto apps. Unlike other fake apps that falsely advertise their features, many of the apps in this batch of malicious Android software worked as intended. But behind the scenes, the apps were stealing passwords and other user data.

The researchers broke the apps into four separate “families” based on the specific malware used:

  • Anatsa: The largest of the four families, with over 200,000 combined downloads, used a banking trojan called Anatsa. The trojan abuses Android’s Accessibility Service to log what is shown on the screen, capturing login credentials and other personal data.
  • Alien: The second-most downloaded trojan was Alien, installed on over 95,000 devices. Alien intercepts two-factor authentication (2FA) codes, which the attackers can then use to log into a victim’s bank account.
  • Hydra and Ermac: The last two families used the Hydra and Ermac malware, both of which are linked to the Brunhilda cybercriminal group. The group used the malware to remotely access a victim’s device and steal banking information. ThreatFabric’s report says apps using Hydra and Ermac racked up a combined 15,000+ downloads.

How these malware families skirt Google’s security measures

ThreatFabric reported the apps to Google, and they have since been removed from the Play Store and deactivated on any devices they were installed on. But the real issue is how hackers managed to sneak the malware into the apps in the first place.

Normally, the Play Store will catch and remove apps with suspicious code. In these instances, however, the malware didn’t ship in the initial download, but was instead added in an update users had to install to keep running the apps. Using this method, developers can submit their apps without tripping Google’s detection. And since the apps work as intended, it’s unlikely the users will notice anything amiss. However, there were a few telltale signs the updates in question were problematic, as they may have asked for Accessibility Services privileges or forced users to sideload additional software.
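The update-based dropper pattern described above suggests a concrete check: compare the permissions an app’s new version declares against the version you already audited, and treat a utility app that suddenly wants to install packages, send or read SMS, or bind an accessibility service as suspect. The following Python script is an added example written for this page, not code from Lifehacker, ThreatFabric or Google. It assumes you have already decoded both APKs’ manifests to plain XML (for instance with apktool); the manifests, package name and service name below are constructed for illustration and do not correspond to any real app.

```python
"""Flag dropper-style permission creep between two versions of an Android app.

Assumes the manifests have been decoded from the APK's binary XML to text
(e.g. `apktool d app.apk`), which is the form parsed here.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS  # ElementTree prefix for android:* attributes

# <uses-permission> entries that the campaigns on this page relied on. A simple
# utility app gaining any of these in an update is a strong dropper signal.
RISKY_PERMISSIONS = {
    "android.permission.REQUEST_INSTALL_PACKAGES",  # sideload the real payload
    "android.permission.SEND_SMS",                  # premium-rate SMS fraud
    "android.permission.READ_SMS",                  # 2FA code interception
    "android.permission.RECEIVE_SMS",
}

ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"
BIND_ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def uses_permissions(manifest_xml: str) -> set:
    """Return the set of <uses-permission> names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(A + "name") for el in root.iter("uses-permission") if el.get(A + "name")}


def accessibility_services(manifest_xml: str) -> list:
    """Return names of <service> elements that bind as an accessibility service.

    Either signal is enough: the BIND_ACCESSIBILITY_SERVICE permission on the
    service, or an intent-filter for the AccessibilityService action.
    """
    root = ET.fromstring(manifest_xml)
    found = []
    for svc in root.iter("service"):
        binds = svc.get(A + "permission") == BIND_ACCESSIBILITY
        actions = {act.get(A + "name") for act in svc.iter("action")}
        if binds or ACCESSIBILITY_ACTION in actions:
            found.append(svc.get(A + "name", "<unnamed>"))
    return found


def dropper_indicators(old_xml: str, new_xml: str) -> dict:
    """Compare two manifest versions and report what the update quietly added."""
    old_perms, new_perms = uses_permissions(old_xml), uses_permissions(new_xml)
    added = new_perms - old_perms
    new_services = set(accessibility_services(new_xml)) - set(accessibility_services(old_xml))
    risky = added & RISKY_PERMISSIONS
    return {
        "added_permissions": sorted(added),
        "risky_additions": sorted(risky),
        "new_accessibility_services": sorted(new_services),
        "suspicious": bool(risky or new_services),
    }


# Constructed sample manifests (not from any real app): v1 is a plain QR
# scanner; v2 is the "update" that adds install, SMS and accessibility powers.
MANIFEST_V1 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.qrscanner">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="QR Scanner">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>"""

MANIFEST_V2 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.qrscanner">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="QR Scanner">
    <activity android:name=".MainActivity"/>
    <service android:name=".UpdateService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

if __name__ == "__main__":
    for key, value in dropper_indicators(MANIFEST_V1, MANIFEST_V2).items():
        print(f"{key}: {value}")
```

Run as-is, it reports the constructed v2 manifest as suspicious because the update adds REQUEST_INSTALL_PACKAGES and SEND_SMS and declares a service bound with BIND_ACCESSIBILITY_SERVICE. A declared permission only means the app can ask for it, so treat the diff as a triage signal and read the update’s code before drawing conclusions; the same diff also makes a useful change log when reviewing an app you have approved for a fleet of devices.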

How to keep your Android device safe from malware

There are a few things you can do to keep your devices and data safe from similar malware apps. First, always pay attention to the permissions an app asks for — and not just the first time it’s installed, but whenever you run or update it. Delete and report the app if anything it does seems suspicious or unnecessary. There’s no reason a QR code scanner needs access to your accessibility services, for example.

Similarly, only install updates through the Google Play Store. If an app insists that it needs a sudden update but you don’t see one listed in the Play Store app, it may not be a legitimate patch. The same goes for random requests to sideload additional apps: sideloading is only reasonably safe when you fetch the APK yourself from a source you trust that checks each package’s signing certificate against the developer’s known one (APK Mirror does this; the XDA Developers forums are another common source). And don’t forget to thoroughly vet an app before you download it, even if it’s on Google Play, as hackers can fake an app’s legitimacy with misleading reviews.

While these strategies aren’t guaranteed to prevent all malware attacks, if you couple them with other cybersecurity practices like using unique passwords protected by an encrypted password manager, 2FA logins, and reliable anti-malware and antivirus apps, you’ll be much better protected from bad actors and bad apps in the future.

Cybersecurity researchers at ThreatFabric detail how password-stealing Android banking trojans were disguised as QR code readers, fitness monitors, cryptocurrency apps and more.


Over 300,000 Android smartphone users have downloaded what turned out to be banking trojans after falling victim to malware that has bypassed detection by the Google Play app store.

Detailed by cybersecurity researchers at ThreatFabric, the four different forms of malware are delivered to victims via malicious versions of commonly downloaded applications, including document scanners, QR code readers, fitness monitors and cryptocurrency apps. The apps often come with the functions that are advertised in order to avoid users getting suspicious.


In each case, the malicious intent of the app is hidden and the process of delivering the malware only begins once the app has been installed, enabling them to bypass Play Store detections.

The most prolific of the four malware families is Anatsa, which has been installed by over 200,000 Android users – researchers describe it as an “advanced” banking trojan that can steal usernames and passwords, and uses accessibility logging to capture everything shown on the user’s screen, while a keylogger allows attackers to record all information entered into the phone.

Anatsa malware has been active since January, but appears to have received a substantial push since June – researchers were able to identify six different malicious applications designed to deliver the malware. These include apps that posed as QR code scanners, PDF scanners and cryptocurrency apps, all of which deliver the malware.

One of these apps is a QR code scanner which alone has been installed by 50,000 users, and whose download page features a large number of positive reviews, something that encourages people to install it. Users are directed to the apps via phishing emails or malicious ad campaigns.

After the initial download, users are forced to update the app to continue using it – it’s this update that connects to a command and control server and downloads the Anatsa payload onto the device, providing attackers with the means to steal banking details and other information.

The second most prolific of the malware families detailed by ThreatFabric is Alien, an Android banking trojan that can also intercept two-factor authentication codes and which has been active for over a year. The malware has received 95,000 installations via malicious apps in the Play Store.

One of these is a gym and fitness training app that comes with a supporting website designed to enhance the legitimacy, but close inspection of the site reveals placeholder text all over it. The website also serves as the command and control centre for the Alien malware.

Like Anatsa, the initial download doesn’t contain malware, but users are asked to install a fake update – disguised as a package of new fitness regimes – which delivers the payload.

The other two forms of malware that have been dropped using similar methods in recent months are Hydra and Ermac, which have a combined total of at least 15,000 downloads. ThreatFabric has linked Hydra and Ermac to Brunhilda, a cyber-criminal group known to target Android devices with banking malware. Both Hydra and Ermac provide attackers with access to the device required to steal banking information.

ThreatFabric has reported all of the malicious apps to Google, and a Google spokesperson confirmed to ZDNet that the apps named in the report have been removed from the Play Store. Cyber criminals will continually look for ways to bypass these protections, because mobile devices are an increasingly attractive target.

“The Android banking malware ecosystem is evolving rapidly. These numbers that we are observing now are the result of a slow but inevitable shift of focus from criminals towards the mobile landscape. With this in mind, the Google Play Store is the most attractive platform to use to serve malware,” Dario Durando, mobile malware specialist at ThreatFabric, told ZDNet.

The convincing nature of the malicious apps means that they can be hard to identify as a potential threat, but there are steps users can take to avoid infection.

“A good rule of thumb is to always check updates and always be very careful before granting accessibility services privileges – which will be requested by the malicious payload, after the “update” installation – and be wary of applications that ask to install additional software,” said Durando.

The dropper apps disguised themselves as PDF and QR code scanners, as well as fitness apps.


Trojan dropper apps have flown under the radar on Google Play in recent months, netting over 300,000 downloads and stealthily installing malware that scoops up people’s banking details.

As mobile security firm ThreatFabric reveals, “in the span of only four months, four large Android families [Anatsa, Alien, Hydra, and Ermac] were spread via Google Play, resulting in 300,000+ infections via multiple dropper apps.”

The dropper apps disguised themselves as simple utilities, such as PDF and QR code scanners, as well as fitness apps. The Android apps looked legitimate, with many installations and positive reviews, and worked as promised, giving users little reason to suspect something was amiss.

Part of the trick here is that the apps don’t appear to have any malicious code at first. But, as ThreatFabric found, the apps “modified their behavior in later versions, adding the dropping functionality, and a wider set of permissions required.” At this point, users may trust the app and believe the update is necessary to continue using it. In the case of one fitness app, the app disguises the malicious download as a package of extra workouts the user could install.

Image caption: The lure in action

The apps further avoid detection by being selective about which devices and regions they’ll attack and when. This can ensure the dropper app doesn’t attempt to install the malware while the app is undergoing its initial evaluation process for Google Play, and it can avoid installation in testing environments and emulators where it might be detected.

Once on the device, the malware can skim bank details through keystroke logging, take screenshots, and request access to the Accessibility Service so that the malware “has full control over the device and can perform actions on the victim’s behalf,” ThreatFabric explains.

Though these sophisticated tactics make it harder to identify suspicious apps, it’s still a good rule of thumb to avoid apps from unknown brands and be aware of the permissions you grant these apps. Even just file storage access can be enough to do some damage.

In response, Google is pointing to an April blog post that outlines the steps it’s taken to secure its app store, including a continued reduction in developer access to sensitive permissions, Ars Technica reports. The apps in question have been removed or are being reviewed, ZDNet says.


Having the best Android antivirus app installed on your smartphone or tablet is essential. After all, Android is the most widely-used operating system in the world, and that means it can be a big target for malicious users.

We do so much with our Android devices – such as mobile banking and shopping – that getting malware on your smartphone or tablet could be incredibly serious indeed, which is why it’s vital to install one of the best Android antivirus apps you’ll find on this page.

In this article, we’re going to highlight 10 of the best Android antivirus apps in 2020 – a few of which are completely FREE apps to download.

Many of them do much more than run automatic scans: they actively try to prevent malicious web pages and files from being opened or downloaded in the first place.


The best Android antivirus in 2021 is:

1. Bitdefender Mobile Security

Well-featured with tight security – the best Android antivirus app


Bitdefender Mobile Security offers excellent protection for your Android device, with a raft of features including anti-theft, and top-notch antivirus capabilities. In fact, this android antivirus mobile app got full marks in the latest AV-Test roundup, and AV-Comparatives (the other major independent antivirus test lab) observed a protection rate of 99.9%. That’s impressive indeed.

Mobile Security gives you real-time protection for Google’s Chrome browser, and an autopilot feature that claims to be capable of making intelligent recommendations for security actions depending on your system and typical usage pattern.

There’s also a nifty privacy advisor tool that adds a layer of security to your smartwatch via its WearOn technology, which alerts you if you accidentally leave your phone behind – clever stuff.

Another interesting extra is a bundled VPN, although don’t get too excited. The provided version is restricted to extremely light use at just 200MB daily, but still, that could be useful in a pinch.

As mentioned, there are anti-theft capabilities here, and Bitdefender Mobile Security allows you to remotely locate and lock your device, or send a message to the phone or tablet (which could be very useful if you’ve lost it). It’s also possible to completely wipe the device remotely if you so choose.

There are a lot of features on offer here, then, and the asking price is more than reasonable to cover a single Android device for a year (plus if you want to give the app a spin before you buy, there’s a 14-day free trial available).

2. Norton Mobile Security

Provides innovative mobile defenses on the app checking front


Norton Mobile Security for Android offers a wealth of features, including an App Advisor which is powered by Norton Mobile Insight, and vets apps for any possible privacy risks, or other unwanted behavior like being overly taxing on your battery (you can even get these evaluations before you install an application, which is very handy).

This mobile security suite also gets top marks for the protection its antivirus engine delivers going by AV-Test’s findings (the other main test lab didn’t evaluate Norton recently).

Other features include call blocking to protect against spam phone calls, Wi-Fi security that alerts you when you connect to an insecure wireless network, plus anti-theft features that allow you to remotely lock a stolen (or lost) device, or wipe all your data.

All this adds up to an impressive level of protection for your Android device – but are there any downsides here? Well, the app is pricey, or at least the recommended asking price is, but given the discount on offer at the time of writing, it’s actually the same price as Bitdefender above (making it an excellent buy currently, given that you get coverage for three Android devices, not just one).

3. Avast Mobile Security

A great free Android antivirus offering, but it does show adverts


Antivirus giant Avast has produced another quality app which goes above and beyond being a mundane scanner, although that said, it does virus scanning very well, and is highly rated by the independent test labs.

Avast Mobile Security’s nifty features include an anti-theft system allowing you to track and remotely lock (or wipe) your Android device if it’s stolen, or if you lose it. There are also some interesting performance enhancing features including a junk cleaner to free up storage space, and a ‘RAM boost’ which aims to speed up your device.

The app used to be paid but is now free, albeit supported by ads. You can pay a small monthly or yearly premium to remove the adverts if they annoy you, though. Another very useful premium feature is ‘in-app locking’ whereby your device will ask for a PIN before opening certain apps. This prevents malware from launching apps such as internet banking automatically.

4. AVG AntiVirus Free

Hugely popular Android antivirus app


AVG AntiVirus Free is another high-quality app for securing your Android device, and it delivers an impressive level of protection at no cost whatsoever. In fact, it uses the same well-liked antivirus engine as Avast above (remember that Avast bought up AVG back in 2016).

This isn’t the same product, though, and it doesn’t have some of the features you’ll find in Avast’s freebie offering. It is, however, still built around very robust core antivirus protection, plus anti-theft features which allow you to locate, lock or wipe a stolen (or lost) phone. Also like Avast, this app is ad-supported, but by upgrading to the premium version you can get rid of those adverts.

The paid Pro version of AVG comes with a whole load of extra features, including extended anti-theft capabilities (such as the device locking itself if the SIM card is replaced, and sounding an alarm), a Photo Vault to secure your photos, an app lock, Wi-Fi security scanner, and additional privacy settings, such as for blocking callers.

There are also a host of other features such as performance enhancement measures, which aim to kill unnecessary processes, turn off battery-draining settings, as well as deleting junk files such as those commonly found in temp and cache folders.

Note that you can try out all these Pro features for free, at least for the first two weeks when using AVG AntiVirus Free; but after that, you have to pay.

With so many features bundled in the Pro version, it’s no wonder this app is the most popular antivirus when you search for one in the Google Play store, with more than 100 million downloads, over 6.5 million reviews and an average score of over 4.5.


All kinds of information are stored on our smartphones. Time and again, criminals try to gain access to this data by hiding trojans in emails or apps, most recently in the case of the app “Color Message”. It served as a host for the Joker malware, which steals data from your smartphone and signs you up for premium services in other apps, giving you a rude awakening when your next mobile phone bill arrives.


  • “Color Message” app harbors a dangerous malware.
  • The Joker malware signs you up for premium services without your knowledge and steals your personal data.
  • The app has already been removed from the Google Play Store.

On smartphones, malware likes to disguise itself as a new app in order to get onto your device. This is especially true for trojans that want to steal your data or sign you up for premium services. Joker is one such malware and, according to an analysis by Pradeo, has now appeared in the app “Color Message”. The app promises additional sticker sets and analytics for your messages, but it steals a lot of your data afterwards.

The app has since been removed from the Play Store, but if you installed it you still have to uninstall it yourself. The problem with such apps is that the Google Play Store cannot check every app thoroughly enough to catch this kind of malware, so its review is no guarantee of safety. In the case of “Color Message”, there had already been over 500,000 downloads.


The app “Color Message” contains a virus! You should uninstall it as soon as possible / © Pradeo

What is the Joker malware?

Malware is malicious software that infiltrates your device and tries to get at your data, and Joker is one such family. It has been around since about 2017 and has been found hiding in quite a few apps. It causes damage by simulating clicks and subscribing you to premium services. This causes your mobile phone bill to skyrocket, and you can only hope for the goodwill of the service operators to reimburse you.


One of the biggest concerns is that the malware leaves hardly any traces, so it is almost impossible to trace where your data goes. In the case of “Color Message”, however, it was discovered that the data had been transferred to a Russian server. Fortunately, Google reacts relatively quickly in such cases and removes dubious apps from the Play Store.



In another instance of threat actors sneaking malware-ridden apps past Google’s threat detection filters, cybersecurity researchers have revealed that over 300,000 users have downloaded malicious Android apps containing banking trojans.

The researchers at ThreatFabric have identified four families of banking trojans that have recently been distributed via Google Play. In a breakdown of the modus operandi, they note that these strains have collectively led to “significant” financial losses for the targeted banks.

The four trojans hid inside all kinds of apps, with the most prominent one named Anatsa, which alone accounted for over 200,000 downloads. The researchers found Anatsa inside apps that posed as QR code scanners, document scanners, and cryptocurrency apps.


Difficult to detect

The major takeaway from the analysis is the extent to which the apps went to avoid being flagged.

“A noticeable trend in the new dropper campaigns is that actors are focusing on loaders with a reduced malicious footprint in Google Play, considerably increasing the difficulties in detecting them with automation and machine learning techniques,” note the researchers.

Furthermore, according to the analysis, the operators trigger the download of the banking trojan onto an infected device manually, and only when they want more victims in a specific region of the world. This behavior further complicates the discovery of the trojans by automated detection mechanisms, which never see the payload.

It’s no surprise, then, that the researchers say that almost all of the trojans had a very low score on VirusTotal at some point in time.

“A good rule of thumb is to always check updates and always be very careful before granting accessibility services privileges – which will be requested by the malicious payload, after the “update” installation – and be wary of applications that ask to install additional software,” said Dario Durando, mobile malware specialist at ThreatFabric, sharing a strategy with ZDNet to help users detect trojanized apps.


With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.


You can never be too careful when installing new software on your devices, especially if you own an Android phone or tablet. Even if an app looks safe, there is a chance that it could contain dangerous code. Even as Google fights back by patching vulnerabilities and closing loopholes, hackers find new ways to sneak malicious apps on to the Google Play store. In fact, one week ago, a security research firm found the Joker malware in yet another popular app on Google Play.

Joker malware found in popular Android apps

Last Thursday, mobile security firm Pradeo discovered another app on Google Play infected with the Joker malware. The app is called Color Message, and over 500,000 Android users had installed the app by the time Pradeo found it. On Google’s store, the app claims to help users personalize the theme of their default messenger. Frighteningly, Color Message had a stellar 4.1/5 rating on Google Play at the time of discovery with nearly 2,000 reviews. No wonder it was so popular.


The good news is that Google has since removed Color Message from its mobile app store. But that does not remove it from the phones of the victims who downloaded it in the first place. Be absolutely certain that you don’t have the app installed on any of your devices. This is made far more difficult by the fact that Color Message is capable of hiding its app icon after a user installs it. Therefore, you may have to dig into your device’s settings to uninstall the app.

According to Pradeo, once the app is installed, it can access your contact list and exfiltrate it over the network. Color Message will also attempt to subscribe you to paid services without your permission. The developer posted the app’s terms and conditions on a sketchy blog which, unsurprisingly, fails to mention any of the malicious actions the app takes once on your phone.
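Because Color Message hides its launcher icon, the practical way to find it (and any similar app) on a phone you can plug into a computer is to list the installed third-party packages over adb and subtract those that still expose a MAIN/LAUNCHER activity. The Python script below is an added example written for this page, not code from Pradeo or BGR. It assumes the two adb commands named in the comments and their line formats (`package:<name>` from `pm list packages -3`, and `<package>/<Activity>` result lines from `cmd package query-activities --brief`); the package names in the samples are constructed for illustration and are not the real Color Message package.

```python
"""Find installed third-party packages that have no launcher icon.

Input is the text of two commands, captured beforehand and parsed offline here:
  adb shell pm list packages -3
  adb shell cmd package query-activities --brief \
      -a android.intent.action.MAIN -c android.intent.category.LAUNCHER
"""
import re

PACKAGE_LINE = re.compile(r"^package:(\S+)$")       # e.g. package:com.example.bank
COMPONENT_LINE = re.compile(r"^\s*(\S+?)/(\S+)$")   # e.g. com.example.bank/.MainActivity


def parse_pm_list(text: str) -> set:
    """Package names from `pm list packages -3` (third-party apps only)."""
    pkgs = set()
    for line in text.splitlines():
        m = PACKAGE_LINE.match(line.strip())
        if m:
            pkgs.add(m.group(1))
    return pkgs


def parse_launcher_query(text: str) -> set:
    """Packages that resolve a MAIN/LAUNCHER intent, i.e. still show an icon.

    Header lines such as '2 activities found:' contain no '/' and are skipped.
    An app that disabled its launcher activity to hide itself is absent here.
    """
    pkgs = set()
    for line in text.splitlines():
        m = COMPONENT_LINE.match(line)
        if m:
            pkgs.add(m.group(1))
    return pkgs


def hidden_third_party(pm_output: str, launcher_output: str) -> list:
    """Third-party packages with no launcher activity, sorted for manual review."""
    return sorted(parse_pm_list(pm_output) - parse_launcher_query(launcher_output))


def uninstall_commands(packages) -> list:
    """adb commands to remove the packages you have confirmed as unwanted."""
    return [f"adb uninstall {pkg}" for pkg in packages]


# Constructed sample captures (no real device, no real malware package names).
PM_LIST_SAMPLE = """package:com.example.bank
package:com.example.stickers
package:com.example.keyboard
"""

LAUNCHER_SAMPLE = """2 activities found:
  com.android.settings/.Settings
  com.example.bank/.MainActivity
"""

if __name__ == "__main__":
    suspects = hidden_third_party(PM_LIST_SAMPLE, LAUNCHER_SAMPLE)
    print("third-party packages without a launcher icon:", suspects)
    for cmd in uninstall_commands(suspects):
        print(cmd)
```

The output is a review list, not a verdict: keyboards, wallpaper services and other legitimate apps also have no launcher icon, which is why the constructed sample deliberately includes `com.example.keyboard` alongside the sticker app. Check each unknown package in Settings > Apps before removing it. If `adb uninstall` fails because the app has made itself a device administrator, revoke that right first (Settings > Security > Device admin apps) or boot into safe mode, which keeps third-party apps from running, and try again.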

What is the Joker malware?

Researchers first discovered the Joker malware in 2017. In the years since, it’s appeared sporadically within seemingly innocuous apps on Google Play. This is Pradeo’s breakdown of Joker:

Joker is categorized as Fleeceware, as its main activity is to simulate clicks and intercept SMS to subscribe to unwanted paid premium services unbeknownst to users. By using as little code as possible and thoroughly hiding it, Joker generates a very discreet footprint that can be tricky to detect. In the last two years, the malware was found hiding in hundreds of apps.

Here are some other infected apps that Pradeo has uncovered in recent months. None of these apps are still on the Android app store, but they might be on your phone or tablet. If they are, delete them all as soon as humanly possible to avoid having your data or money stolen:

  • Safety AppLock
  • Convenient Scanner 2
  • Push Message-Texting&SMS
  • Emoji Wallpaper
  • Separate Doc Scanner
  • Fingertip GameBox

If you want to know more about Joker, the Android security team published a helpful blog post back at the beginning of 2020. It’s worth a read if you want to know more.

Jacob started covering video games and technology in college as a hobby, but it quickly became clear to him that this was what he wanted to do for a living. He currently resides in New York writing for BGR. His previously published work can be found on TechHive, VentureBeat and Game Rant.


Since the earliest days of the internet, sketchy porn sites and viruses have gone hand in hand. But a new report by the cybersecurity firm Kaspersky Lab shows that hackers are using a cheeky new way of spreading malware. In short, they’re using porn as a trap, in the hopes that horny web-browsers will stumble into a pit of viruses with one click.

Kaspersky’s investigation shows that the risks are different depending on how you’re browsing for porn. Macs don’t get as many viruses as PCs, but users are still vulnerable to phishing and other exploits. Android phones are susceptible to sketchy applications, and PCs are always at risk of getting malware. Users on pretty much every device are in danger, but the risks are not unavoidable. To help you browse in peace and safety, here’s what to watch out for.

Hackers Are Stealing Your Porn

Funnily enough, Kaspersky notes that one of the most common hacks plaguing porn browsers is theft of online porn credentials themselves. If you’re a conscientious porn browser, you should probably be paying for at least some of your porn, but there will always be a market for people who want it for free, or cheaper. Hackers will often use phishing, malware, or other ways to steal users’ login info to paid porn sites like Brazzers, NaughtyAmerica, Pornhub Premium, and others, and then re-sell that info at a discount on the dark net. If you’re paying for a premium account to one of those sites, be on the lookout for scams or popups that ask for your login information, and change your password frequently. Kaspersky notes that it saw more than 5,000 sales of hacked premium accounts during its research on dark net websites.


How to Recognize Phishing and Malware Scams

Phishing is one of the most common cyber attacks on the net. In a phishing attempt, a user is presented with a fake opportunity to voluntarily enter personal details, like emails, passwords, or credit card numbers. This can come in the form of a pop-up from a site or a fraudulent email that pretends to be from your bank, asking you to log in again. Malware is the classic “computer virus,” a sinister program that runs on your computer, usually without your noticing, that harms you in some way. You can get it by downloading a bad application on a computer or phone.

All those flashy pop-up ads promising “SINGLES IN YOUR AREA” are risky clicks, because they could send you to a phishing site or trick you into downloading malware. Phishing schemes also like to pretend to be free services, like dating websites, that ask you to enter your credit card details onto the site to “prove your identity.”

Some pop-ups also pose as system alerts from antivirus software, prompting you to enter login information to “scan your computer.” Sometimes, they’ll even give users a fake phone number to call, where a hacker will actually answer the phone and — pretending to be someone official — get you to give up your details. Kaspersky’s memo notes that hackers often disguise phishing attempts as updates to Adobe Flash Player, which tricks people into downloading an “update file” that is actually a piece of malware. Malware can do anything from using your computer as a click-bot that secretly clicks on a bunch of online ads, to logging keyboard presses to steal important info like passwords and card numbers.

How to Avoid Them

Phishing is pretty simple to avoid: don’t click. If you do click, or if you get an email or a pop-up ad, don’t enter any information. Just exit out. Don’t call any phone numbers, and don’t download any software updates.

Stopping malware on porn sites is usually an exercise in discipline as well. Don’t click the side-banner ads and pop-ups, and don’t agree to download any software from any website you encounter during a private-time internet session. Malware on phones can also come from apps, so don’t download any app that an ad on a porn site prompts you to download. For most browsers — like Google Chrome — Flash Player is built in, so you shouldn’t have to worry about updating it. If you’re concerned about Flash Player, go to Adobe’s official site and check for an update.

Why is Porn a Target?

Kaspersky sums up why hackers are still targeting porn users: “The difference is that, in general, victims of porn malware, especially the most severe scareware types of it, are unlikely to report the crime to anyone, because they would have to admit they were looking for or watching porn.” If you think you’ve gotten a virus from porn, or anywhere else, it’s not worth it to be ashamed. It happens. But you still need to address the problem.

Kaspersky also offers three suggestions for staying safe: use only trusted websites; don’t download applications from unknown sources; and don’t buy hacked accounts to porn sites (the ones for sale on the dark net). Go forth, and watch porn safely.


Source: Daniel Rubino / Windows Central

What you need to know

  • Hackers are utilizing a fake version of KMSPico to spread Cryptbot malware to PCs.
  • The authentic version of KMSPico is a tool used by pirates to bypass Windows and Office license requirements.
  • The attack is particularly dangerous because using KMSPico often requires people to disable antimalware software.

A popular pirating tool is being imitated by malicious actors in an attempt to spread malware. According to a report by Red Canary from December 2, 2021, fake versions of KMSPico have been utilized to get malware onto PCs. If someone allows their system to be compromised by the fake software, the Cryptbot malware can steal credentials.

KMSPico is a tool used to circumvent license fees for Windows and Office. It uses Windows Key Management Services — a tool frequently used for legitimate reasons by enterprise clients — to fraudulently activate software.

Because KMSPico is used to pirate software, many antimalware tools flag it as a potentially unwanted program (PUP). Because of this, pirates will often disable security features to use KMSPico. This makes a fake version of the software especially dangerous, as PC owners may have voluntarily left themselves defenseless.

Cryptbot can collect sensitive information from the following applications:

  • Atomic cryptocurrency wallet
  • Avast Secure web browser
  • Brave browser
  • Ledger Live cryptocurrency wallet
  • Opera Web Browser
  • Waves Client and Exchange cryptocurrency applications
  • Coinomi cryptocurrency wallet
  • Google Chrome web browser
  • Jaxx Liberty cryptocurrency wallet
  • Electron Cash cryptocurrency wallet
  • Electrum cryptocurrency wallet
  • Exodus cryptocurrency wallet
  • Monero cryptocurrency wallet
  • MultiBitHD cryptocurrency wallet
  • Mozilla Firefox web browser
  • CCleaner web browser
  • Vivaldi web browser

Red Canary suggests that PC owners activate software through legitimate means. “A pirate’s life is not the life for us, especially when it comes to cracked software. KMSPico is license-circumvention software that can be spoofed in a variety of ways, and in this case a malicious version led to an interesting Cryptbot infection designed to steal credentials.” The report concludes by saying, “save yourself the trouble and go for legitimate, supported activation methods.”

Many apps on Play Store are infected with Joker Malware.

Joker malware has surfaced again in Google Play Store apps such as a Smart TV Remote app, Halloween Coloring, and more. A malware researcher at Kaspersky has warned about the notorious Joker malware.

Google removed the apps promptly after reports from users. The security researcher, Tatyana Shishkova, highlighted two apps on the Play Store that are infected with Joker malware.

The Smart TV Remote app was released on 29 October and was installed more than 1000 times. According to the reports, these two are not the only apps carrying Joker malware; many other apps are dangerous as well.

Google Removed These Malicious Apps From Play Store

In a post on Twitter, Tatyana Shishkova listed apps that contain dangerous malware.

#Joker Android Trojan on Google Play: Nov 9, 10+ installs
Step 1: https://banmama.oss-us-west-1.aliyuncs[.]com/easypdf
Step 2: https://banmama.oss-us-west-1.aliyuncs[.]com/belong

— Tatyana Shishkova (@sh1shk0va) November 11, 2021

When you install an app containing Joker malware, it stays in the background for a while, and later it does its dirty work. It can steal SMS messages such as OTPs and can also sign you up for paid subscriptions costing pounds or dollars per month. All of this is done behind your back without you knowing.

Google has removed these malicious apps from the Play Store, but removal from the store does not uninstall them from phones that already have them. Here is the list of dangerous apps; check it and delete any of them you find on your device.

  1. Classic Emoji Keyboard
  2. Battery Charging Animations Battery Wallpaper
  3. Battery Charging Animations Bubble Effects
  4. EmojiOne Keyboard
  5. Easy PDF Scanner
  6. Flashlight Flash Alert On Call
  7. Halloween Coloring
  8. Now QRcode Scan
  9. Dazzling Keyboard
  10. Smart TV remote
  11. Volume Booster Louder Sound Equalizer
  12. Volume Booster Hearing Aid
  13. Super Hero-Effect

Most of the apps have similar names. The researchers warned about the Battery Charging apps, which were later removed from the Play Store.

Though the names of the apps match those of legitimate apps, the developers and app icons are not the same.

Take care not to become a victim of Joker malware. Most people assume that downloading an app from the Play Store is safe, but in reality Google’s security measures do not catch every malicious app.

Before downloading any app, read its reviews first. They give you a hint of whether the app is dangerous or not, but if the app is still new, there won’t be enough reviews to tell.

FluBot is malware – like a computer virus – that can be installed on your Android device if you click on a malicious link in an SMS message. This malware then sends many similar text messages to other people from your phone without your knowledge, potentially infecting them. Telstra has recently identified a number of handsets which we believe are potentially infected.

I’ve been getting heaps of these dodgy text messages. I know I’m not alone. So I asked @Telstra and they solved the mystery!!

— Em Rusciano (@EmRusciano) August 11, 2021

If installed, the malware has wide access and can harvest your contact list to spread further, as well as access your personal information and banking details if you used the phone for banking while infected. If you are infected, you should urgently remove the malware and change all your passwords, using another device that is not infected.

The Flubot malware has started to appear in Australia after circulating around Europe for some time. We’ve documented this on our Recent Scams page, but it’s worth educating yourself to stay safe. Read on to find out more.

How do phones get infected?

You may receive an SMS from another mobile telephone number with a message like

“a1bcd2 Voicemail: You have 1 new Voicemail(s). Go to [link]”

If you click on the link, you will be taken to a web page displaying a trusted brand (like Telstra) and prompted to install an app, for example to listen to the voicemail message. If you give permission to install, then the Flubot malware will be loaded on your handset.

Flubot is a sophisticated piece of malware because it spreads by sending SMS messages to random mobile numbers, as well as mobile numbers scraped from a compromised Android device’s contact list. Each time it does this it creates a new, unique link, making it difficult to block at a network level. These messages are also being sent from infected devices all across the world that have fallen victim to the malware.

To have your mobile phone compromised by the Flubot malware, you would have to click on the link and visit the malicious website in the SMS you receive. It will only affect Android phones that have previously enabled the ‘side-loading’ of applications onto the device (which means the device is configured to permit the installation of software from less trustworthy locations than the Google Play Store) – so unless you’ve done this, you can rest easy.

How can I tell if I’m infected?

If your device is infected with Flubot, you will not know if your personal data is being accessed, and you will not be able to see your handset sending SMSes to infect others. The following are warning signs:

  • A new app called “Voicemail”, with an icon of a blue cassette on a yellow envelope, appears among your apps. If you try to uninstall it you receive the error message “You can not perform this action on a system service.”
  • You receive text messages or telephone calls from people complaining about messages you sent them that you did not know you had sent.
  • Telstra may detect you sending very high volumes of messages and send you an SMS, saying: “Your phone is sending many SMS and may be infected with malware/virus. Please remove the malware app or we may suspend your ability to send SMS. Search FLUBOT on Telstra website or call us for help.”
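The two network-side signals described above (the lure SMS itself, and an infected handset sending many lure messages each with a fresh link) can be checked with a small heuristic. The script below is an added example written for this page, not Telstra’s detection code; the SMS record format, the phone numbers and the `.invalid` links are constructed sample data, and the regular expressions are assumptions modelled on the lure message quoted in the article.

```python
"""Heuristic detector for FluBot-style lure SMS and for handsets that look
infected because they send many such lures, each with a unique link.

Added example; not Telstra's code. Sample records are constructed.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Traits of the lure quoted in the article:
#   "a1bcd2 Voicemail: You have 1 new Voicemail(s). Go to [link]"
# 1) a short prefix mixing letters and digits that changes per message
PREFIX_RE = re.compile(r"^(?=[a-z]*\d)(?=\d*[a-z])[a-z0-9]{4,8}\s", re.IGNORECASE)
# 2) a voicemail / missed-call lure
LURE_RE = re.compile(r"\b(voicemail|voice message|missed call)\b", re.IGNORECASE)
# 3) a link to click
URL_RE = re.compile(r"https?://[^\s<>\"]+", re.IGNORECASE)


def lure_traits(text):
    """Return which of the three lure traits a message shows."""
    return {
        "random_prefix": bool(PREFIX_RE.match(text)),
        "voicemail_lure": bool(LURE_RE.search(text)),
        "has_link": bool(URL_RE.search(text)),
    }


def is_lure(text):
    """A message is treated as a lure only when all three traits are present."""
    return all(lure_traits(text).values())


def extract_links(text):
    """Return the links in a message with trailing punctuation stripped."""
    return [u.rstrip(".,;)") for u in URL_RE.findall(text)]


def suspicious_senders(records, min_lures=5, min_unique_ratio=0.8):
    """Flag senders whose outbound SMS looks like an infected handset.

    records: iterable of (sender, recipient, text).
    A sender is flagged when it sent at least min_lures lure messages and
    (nearly) every one carried a link not used before by that sender, which
    is the per-message unique link the article describes.
    Returns {sender: number_of_lure_messages}.
    """
    lure_links = defaultdict(list)
    for sender, _recipient, text in records:
        if is_lure(text):
            lure_links[sender].extend(extract_links(text))

    flagged = {}
    for sender, links in lure_links.items():
        if len(links) < min_lures:
            continue
        unique = {(urlparse(u).netloc.lower(), urlparse(u).path) for u in links}
        if len(unique) / len(links) >= min_unique_ratio:
            flagged[sender] = len(links)
    return flagged


# Constructed sample traffic: one handset behaving like a FluBot infection,
# plus benign messages that share some but not all lure traits.
INFECTED = "+61400000001"  # placeholder number, constructed for the example
SAMPLE_SMS = [
    (INFECTED, "+61400000101", "a1bcd2 Voicemail: You have 1 new Voicemail(s). Go to https://vm-check.invalid/a1bcd2"),
    (INFECTED, "+61400000102", "k9f3ze Voicemail: You have 1 new Voicemail(s). Go to https://vm-check.invalid/k9f3ze"),
    (INFECTED, "+61400000103", "p0q7rs Voicemail: You have 1 new Voicemail(s). Go to https://msg-listen.invalid/p0q7rs"),
    (INFECTED, "+61400000104", "3hx8lm Voicemail: You have 1 new Voicemail(s). Go to https://msg-listen.invalid/3hx8lm"),
    (INFECTED, "+61400000105", "zz41qa Voicemail: You have 1 new Voicemail(s). Go to https://vm-check.invalid/zz41qa."),
    # benign: no lure text, no random prefix
    ("+61400000200", "+61400000201", "Running late, see you at 7"),
    ("+61400000200", "+61400000202", "Here's the article I mentioned https://news.example/story-123"),
    # benign: carrier-style voicemail notice with no prefix and no link
    ("+61400000300", "+61400000301", "Voicemail: You have 1 new message. Dial 101 to listen."),
]


if __name__ == "__main__":
    for sender, _to, text in SAMPLE_SMS:
        print(f"{sender} lure={is_lure(text)} traits={lure_traits(text)}")
    print("flagged senders:", suspicious_senders(SAMPLE_SMS))
```

Requiring all three traits keeps a carrier’s genuine voicemail notice, or a friend sharing a link, from being flagged; the sender-level check is what a network operator would use to decide whom to warn, as the Telstra SMS above describes.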

What can I do?

Importantly, just because you’ve received this message does not mean that your phone is already affected. If you’ve just received one of these messages, do not open the link and you’ll remain protected.

If you have clicked on the link and downloaded the software, chances are your device is now infected.

Most popular anti-virus applications for Android phones will detect Flubot to prevent infection, as well as clean up a currently infected device. Some information on how to remove Flubot from an Android device is available from security researchers at ESET, F-Secure, and our own CrowdSupport help page.

However, the instructions can be very technical. If this sounds too techy for you, you can also do a factory reset on your phone, which erases the malware.

Remember, restoring a recent backup may reinstall the malware if the backup was taken while the malware was installed. After a reset, do not restore from such a backup; use one dated before the infection.

After you’ve removed the malware/virus from your phone, we recommend changing your passwords as a precaution. Do not change your passwords before removing the malware.

We’re working with the security community to address this scam. For now, as always, our advice is to be especially cautious of phone calls, messages and emails from an unfamiliar source, and not to click on links that you don’t trust. If you think your Telstra account has been compromised, get in touch with us.

You can report a scam to Telstra using our website, or call us on 13 22 00. If you want to learn more, we also have more cyber safety advice on our website.


By Clive Reeves

Deputy Chief Information Security Officer – Telstra

Clive is the Deputy Chief Information Security Officer and has over 20 years’ experience in cyber security risk management, engineering and operations. Clive leads critical customer-facing security capabilities including the Telstra Security Operation Centres and the Defence Engagement Security Team. Clive was previously the CISO for Telstra’s Defence Engagement Team and also managed a secure ops and incident response centre. Prior to joining Telstra, Clive worked for the Australian Government and served in the Royal Australian Air Force (RAAF). Clive is an engineering graduate of RMIT and holds an MBA in Technology Management.