Recent online buzz about certain Android apps compromising internet security and potentially complicating the lives of their users in various ways serves as a reminder of how we can protect ourselves from online threats.
In short, apps that have been downloaded over 11 million times via the Play Store were installing trojans (specifically, the Necro trojan was the most “successful”) that secretly took control over some highly dangerous and sensitive functionalities of mobile phones, such as:
- Displaying ads while the user wasn’t using the device, allowing attackers to profit further from ad platforms and reducing the user’s mobile data quota;
- Intercepting OTP (One-Time Password) messages used for user authentication;
- Recording screen activity and keystrokes;
- Enabling remote control, and more.
Google has recommended that users activate Play Protect as soon as possible to reduce the risk of infection from this malware. This once again highlights one of the main ways to protect yourself online: always update security software on your devices.
In recent weeks (as well as months and years), users have been infected through extensions for popular apps, which could be downloaded outside of the Play Store. In this way, mods and plugins for apps like Spotify, WhatsApp, Minecraft, and many others have started to pose a threat because their installations included additional pieces of software that were not originally present.
To ensure your favorite apps do only what you expect them to do—and not serve a hacker in the background—avoid installing unofficial add-ons that are found outside of official Play Stores or App Stores, no matter how appealing they might seem at first glance. If one of these add-ons is so functional that it’s only available outside of official app markets, and it’s free, think carefully about why that is—could there be something hidden in the background that might cause you trouble later?
(photo: https://www.pexels.com/)
