May 18, 2024
By Cybervergent Team

Brand Impersonation: Malicious Twitter, Google, Instagram, and WhatsApp Android apps steal credentials

Threat actors are active in the wild: malicious Android apps have been discovered posing as popular platforms like Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter) to deceive users and steal their credentials. These apps employ brand impersonation techniques to trick unsuspecting Android users into providing sensitive information, including passwords.

Key Findings:

1. Malicious Android Apps: Hackers are utilizing a combination of malicious apps and brand impersonation to carry out their attacks. These apps mimic the appearance and functionality of popular platforms, making it difficult for users to identify them as malicious.

Can you spot the difference?

2. Stealing Credentials: Once installed on a victim's device, these malicious apps request sensitive permissions, such as Android Accessibility Service and Device Admin Permission. If granted access, the apps gain control over the device and can silently steal sensitive data, including usernames and passwords.

Screenshots expose a malicious app posing as Instagram on Android

3. Command and Control Server: The malicious apps establish a connection with a hacker-controlled command and control (C&C) server. This server provides additional instructions to the app, enabling it to read messages, call logs, access notification data, send messages, and even open malicious websites for phishing purposes.

4. Fake Login Pages: The primary method these malicious apps use to harvest credentials is redirecting users to fake login pages. These pages imitate popular services like Instagram, PayPal, Netflix, Microsoft, WordPress, LinkedIn, ProtonMail, and Yahoo. Users are prompted to enter their login credentials, which are then stored and relayed back to the hackers.

To better protect yourself from these malicious Android apps and similar cybersecurity threats, consider the following measures:

1. Be cautious when downloading apps: Carefully review app ratings, reviews, and if possible, watch video reviews before downloading any new app. Avoid downloading apps from unofficial sources or sideloading APK files, as these can be potential sources of malware.

2. Enable Google Play Protect: Ensure that Google Play Protect, a pre-installed security app, is enabled on your Android device. This app scans both existing and new apps for malware, providing an additional layer of protection.

3. Use reputable antivirus apps: Consider installing one of the best Android antivirus apps alongside Google Play Protect. These apps offer advanced malware detection and prevention features to safeguard your device.
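The permission pattern from the key findings (Accessibility Service or Device Admin held by an app that did not come from Google Play) can be checked on a device you manage. The following is an added example, not code from the original article: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3 -i`, and flags third-party apps for review. All package names and sample output are constructed, and the list of active device-admin components is assumed to have been extracted already from `adb shell dumpsys device_policy`, whose layout varies by Android version.

```python
import re

PLAY_STORE = "com.android.vending"  # installer package name of Google Play

# Constructed sample data (not from a real device). On a device it comes from:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3 -i     (third-party packages + installer)
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.lookalike/com.example.lookalike.HelperService")
SAMPLE_ADMINS = ["com.example.lookalike/.AdminReceiver"]  # assumed pre-extracted
SAMPLE_PM = """\
package:com.example.lookalike  installer=null
package:com.example.notes  installer=com.android.vending
package:com.example.game  installer=com.example.thirdpartystore
"""

def component_packages(components):
    """Package names from flattened component names (package/class)."""
    return {c.split("/", 1)[0].strip()
            for c in components if c.strip() and c.strip() != "null"}

def parse_installers(pm_output):
    """Map third-party package -> installer (None when sideloaded/unknown)."""
    installers = {}
    for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)\s*$", pm_output, re.M):
        installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def audit(a11y_setting, admin_components, pm_output):
    """Findings for third-party, non-Play apps holding high-risk privileges."""
    a11y = component_packages(a11y_setting.split(":"))
    admins = component_packages(admin_components)
    findings = []
    # Packages absent from the -3 listing are system apps and are skipped.
    for pkg, installer in sorted(parse_installers(pm_output).items()):
        held = [name for name, has in (("accessibility", pkg in a11y),
                                       ("device_admin", pkg in admins)) if has]
        if held and installer != PLAY_STORE:
            findings.append({"package": pkg, "installer": installer,
                             "privileges": held})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_A11Y, SAMPLE_ADMINS, SAMPLE_PM):
        print(finding)
```

A finding is a prompt to review the app, not proof that it is malicious; an app installed from Google Play that holds these privileges still deserves a look.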

Remember, cybersecurity is not a passive endeavor. It requires active participation and a commitment to staying informed and implementing best practices. By taking these steps, we can collectively create a more secure information ecosystem for ourselves and those around us.