Delete these malicious Android apps now before they log in to your Facebook account

Security firm Trend Micro has discovered some optimizer and utility apps that were listed in the Google Play Store that could load as many as 3,000 different variants of malware on an infected phone. These apps have been installed a total of 470,000 times. Google has already removed the malicious apps from the Play Store although they could remain installed on Android phones.

We usually suggest that Android users check out the comment section in the Google Play Store before installing an app from an unknown developer. This way you might be able to find red flags from Android users warning you to stay away. However, the bad actors who developed this malware can use it to hijack an infected device and post positive reviews for the malicious apps. A screenshot from one of the apps shows several positive comments from different users, but all of them have the same comment! If you see something like this in the Play Store comment section, do not install that app. These apps can also run ads and have the infected device click on them to help the criminals behind the enterprise get paid. And the malware has the ability to log in to a victim's Google and Facebook accounts.

Without icons on the app launcher, this malware is hard to uninstall or even discover

The 3,000 variants of malware or malicious payloads disguise themselves as system applications, so there are no icons on the launcher or the app list. Thus, the user might not even know that his/her phone is infected. And if he or she does figure it out, uninstalling the app is going to be quite difficult. The apps trick users into enabling certain Android permissions and disabling Google Play Protect, which is supposed to scan for malware on Google Play Store apps before they are installed.
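A defender can look for the hiding behavior described above by comparing the user-installed packages on a device with the packages that expose a launcher icon. The following is an added example, not code from the article or from Trend Micro; the package names and the captured `adb` output are constructed, and the exact output layout of the two commands is an assumption.

```python
import re

# Constructed sample of `adb shell pm list packages -3` (user-installed apps).
SAMPLE_PACKAGES = """\
package:com.example.notes
package:com.example.speedcleaner
package:com.android.sys.update.helper
"""

# Constructed sample of `adb shell cmd package query-activities --brief
#   -a android.intent.action.MAIN -c android.intent.category.LAUNCHER`
SAMPLE_LAUNCHER = """\
3 activities found:
  priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=true
  com.android.settings/.Settings
  priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=true
  com.example.notes/.MainActivity
  priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=true
  com.example.speedcleaner/com.example.speedcleaner.ui.Home
"""

# A component line looks like "package.name/activity.Name" with nothing else on it.
COMPONENT = re.compile(r"^\s*([A-Za-z0-9_.]+)/[A-Za-z0-9_.$]+\s*$")
# Prefixes a user-installed app might borrow to pass as a system component.
SYSTEM_LOOKALIKE = ("com.android.", "com.google.", "android.")


def user_packages(text):
    """Package names from `pm list packages -3` output."""
    return {line.split(":", 1)[1].strip()
            for line in text.splitlines() if line.startswith("package:")}


def launcher_packages(text):
    """Packages that own at least one MAIN/LAUNCHER activity."""
    return {m.group(1) for line in text.splitlines()
            if (m := COMPONENT.match(line))}


def hidden_user_apps(pkg_text, launcher_text):
    """User-installed packages with no launcher icon, as (name, system_lookalike)."""
    hidden = user_packages(pkg_text) - launcher_packages(launcher_text)
    return sorted((p, p.startswith(SYSTEM_LOOKALIKE)) for p in hidden)


if __name__ == "__main__":
    for name, lookalike in hidden_user_apps(SAMPLE_PACKAGES, SAMPLE_LAUNCHER):
        print(name, "(system-style name)" if lookalike else "")
```

A package without a launcher icon is not malicious by itself (keyboards, widgets and background services are legitimate cases), so each result is a candidate for manual review rather than a verdict.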

The countries most impacted by this campaign were Japan, Israel, Taiwan, the U.S., India, and Thailand. The affected apps include:

Another report, this one from Cofense (via Ars Technica), reveals that a phishing scam is leading unaware Android users to download apps containing malware called Anubis. The bad actors send out attachments that appear on the surface to be invoices. Instead, they are actually APKs used to install malware-loaded Android apps. Users who download the fake invoices and allow their phones to sideload apps will see a fake Google Protect message that asks for two privileges; the latter disables Google Play Protect and agrees to 19 permissions. The malware then scans an infected device looking to see if it has any of 263 banking and financial apps installed. If one of these apps is loaded on a phone, when the user opens it a fake log-in page is displayed, allowing the attackers to steal the passwords for these apps.

Other things that Anubis can do include capturing screenshots, changing settings, opening and visiting any URL, recording audio, making calls, stealing the contact list, sending texts, receiving texts, deleting texts, locking the device, getting the user's location via GPS, looking for files, encrypting files on the device and external drives, grabbing remote control commands from Twitter and Telegraph, pushing overlays on the screen and stealing the ID of a particular device.

And once the attacker is done with the infected phone, he can remotely "destroy it." A researcher with security firm Cofense wrote, "For example, once the attacker has harvested and exploited all the credentials, contacts, emails, messages, sensitive photos, etc., they might choose to encrypt the phone for a ransom or simply destroy the phone out of malice."

These examples make it clear that smartphone users need to restrict the apps they install to those produced by developers they know of. And if a user receives an email or text message asking him to download an invoice in the form of an attachment, he should call the company first to make sure it is real.



7. cevon3239

Posts: 208; Member since: Jan 01, 2020

It is so surprising, with legitimate apps from well-known and trusted names of devs who offer these types of apps, that people just download and install an app just based on reviews or title of the app. I know there are lots of choices, but there are names from devs who have been making those tools for years and their apps have never been subjected to this type of stuff. I don't understand how people just don't do some simple research before installing apps or games.

9. Vokilam

Posts: 1485; Member since: Mar 15, 2018

You know, you’re one biggest hypocrite here. You cannot breathe if you don’t trash every Apple article, but here you’re just a sensible saint. I’m so sick of seeing your posts.

2. S4NDY

Posts: 277; Member since: Mar 14, 2016

I think you have some of these in the comments section too

4. asirfaysal

Posts: 109; Member since: Jul 19, 2016

Very annoying

8. mariosraptor

Posts: 195; Member since: Mar 15, 2012

Well said.
