Fake Subscription Services
Some malicious developers strive to create services that serve the good faith of people. Who would be starting to doubt an application that offers caller identity based on a phone number? Later, of course, it would turn out that the service is awful. The problem is the monthly subscription which is already charged. Whether it’s iOS AppStore or Google Play if you cancel your subscription and complain, you won’t get your refund.
The solution to educating technically inexperienced users, which we admit, will not be an easy task, so this modern form of a scam will survive for some time.
Hiddad is an unsuspicious application. It can be even a simple retro game with code running a Trojan virus behind the scenes. We are talking about the Android-specific environment. There are other application stores outside of Google Play, where even a little minimalist and attractive game may have a little Trojan surprise.
Solution: For Android, download apps only from Google Play.
According to some experts, the Chinese government has already installed malicious programs on the phones of tourists visiting the country. Some governments are seriously threatening that encrypted chat applications like WhatsApp or even Russian Telegram use end-to-end encryption. Unencrypted data can be accessed by attacking only one endpoint. The device has a local copy of the chat. A perfect example is a recent incident involving the observation of the Uygur and the Tibetan community.
Solution: Conscious protection, use of VPN, and other security features, e.g., if the device is lost or stolen, all data on it can be deleted remotely.
Android also allows you to install programs on your device by turning on Sideloading. How-To Geek explains: Just because an app isn’t available from the Google Play Store – you can’t effectively install non-Play Store apps on any Android phone, tablet, or other device by enabling one simple toggle. This practice is called “sideloading.”
This explanation sounds very lovely, but the majority of users are not aware of the risk. This way, even a trojan-like remote access code could get into the APK and thus the device.
Solution: The user should look around the source and security of the application.
The purpose of this method is to reach bank accounts and transfer money to a hacker’s bank account. The first step always starts with monitoring the victim’s device with malware. After all, an attacker needs to know which banking application is on the device. The next step is to obtain the victim’s mobile number, which would be required for identification for a bank. The identification code (which is usually never the same) arrives on the mobile device and is now the way for the hacker. The attack takes place immediately after the code is acquired, as the PIN code works with a time limit.
Solution: Avoid getting apps from unauthorized sources. Keep your system security updates up to date.
According to an Avast expert, tracking your spouse’s or partner’s mobile phone is a serious problem today. Some only want to see the current location of their partner’s mobile phone, while others monitor its Whatsapp, Messenger, and call activity. According to recent research, there are also links between Stalerware and domestic violence.
Malware via Windows
A more sophisticated way of installing Android malware is through the Windows operating system. A Windows user deliberately turns off his / her antivirus system due to access and installation of various extensions and applications. This method could also transfer the malicious mobile app on PC, which will later get to Android mobile with sync.