CYBER-EXPERTS are warning Android phone owners over a dangerous fake app.
It can hijack your two-factor login texts – the ones designed to keep your online accounts safe.
It does this by relaying SMS login codes that you receive to scammers.
But it could ultimately be used to access anything that requires an SMS for logging in.
This means hackers could potentially access very sensitive logins, including your social media or banking apps.
It was discovered by Evina cybersecurity researcher Maxime Ingrao, who detailed the scam in a Twitter post.
“Found new Android malware that reads all the SMS and sends to a server,” said Maxime.
“A website sells account creations (Facebook, Google…). It uses infected phones to make the registrations with SMS [authentications].”
He warned that the app had already infected 100,000 devices.
When you install the app, it asks for SMS permissions – which isn’t entirely odd for a texting app.
But cyber-experts say it will relay login codes that you receive to online crooks.
The fraudsters will reportedly sell your phone number as a “virtual number” that strangers can use to create online accounts.
And this could lead to your own accounts being compromised.
If you’ve downloaded the app, you should consider uninstalling it as soon as possible.
Always be wary when downloading apps – even if you’re getting them from the official Google Play Store.
In this case, many of the reviews complained about the app, which is a great warning sign to look out for.
How to spot dangerous apps
Grant, who is COO of cyber firm MIRACL, gave The Sun seven tips for using Android apps safely.
#1 – Check the downloads
“Rule number one when downloading popular apps from the Google Play Store is check the download count,” Grant told The Sun.
“If you’re about to download a hugely popular app, but the download count seems low, chances are it’s a fake.”
#2 – Dodgy permissions?
“Probably the most important thing is the PERMISSIONS that the app requires,” Grant explained.
“Are they appropriate for the app? Specifically look for apps that require access to your contact list, or permission to send text messages, for example.
“Think, does the app really need those permissions? You have to use your judgement.
“A mistake here can be really damaging, apps with network permission can ‘sniff’ any data you send, and apps with keyboard permissions can ‘sniff’ any passwords you type – avoid downloading apps that require them.”
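The permission check in tip #2, applied to the SMS-relaying behaviour described earlier, as an added example that is not from the article or the researchers: it reads a decoded AndroidManifest.xml and reports whether an app can both read incoming texts and reach the network. The sample manifests and package names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_READ = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
INTERNET = "android.permission.INTERNET"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

def audit_manifest(manifest_xml):
    """Report whether an app can both read incoming SMS and reach the network."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    # Receivers registered for the broadcast fired when a text arrives.
    receivers = [
        r.get(ANDROID + "name")
        for r in root.iter("receiver")
        if any(a.get(ANDROID + "name") == SMS_RECEIVED for a in r.iter("action"))
    ]
    sms = sorted(perms & SMS_READ)
    return {
        "package": root.get("package"),
        "sms_permissions": sms,
        "sms_receivers": receivers,
        # Capability only: a genuine texting app has the same profile.
        "can_relay_sms": bool(sms) and INTERNET in perms,
    }

# Constructed sample manifests (hypothetical packages, not the app in the article).
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
TEXTING_APP = f"""<manifest {NS} package="com.example.texting">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".SmsListener">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""
TORCH_APP = f"""<manifest {NS} package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

if __name__ == "__main__":
    for sample in (TEXTING_APP, TORCH_APP):
        print(audit_manifest(sample))
```

A positive result shows capability, not intent: it tells you which apps deserve the closer look at reviews, developer and description that the other tips describe.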
#3 – Read the description
“Similarly, read the product description,” Grant told us.
“If the description is written in broken English, seems ‘bot-like’, or is formatted in a strange way, it’s likely a fake.
“While you’re checking out the product description, take a look at the images too. Is there anything strange about them?
“Are they blurry, or does the language seem off? If so, it’s likely a fake.”
#4 – Who made it?
Grant warned: “You should also look carefully at the developer of the app, particularly for finance apps.
“Make sure the developer is legitimately a financial institution.
“If the developer’s name has nothing to do with your bank, it’s likely a fake.”
#5 – Use reports!
“If you do come across a fake app, you should report it,” Grant said, speaking to The Sun.
“Simply scroll to the bottom of the page, click ‘Flag as inappropriate’.
“From there, you simply fill out a form highlighting your suspicions that the developer is up to no good, and Google will take it from there.”
#6 – Don’t be afraid to delete
“Should you mistakenly download a fake app, delete it immediately,” Grant advised.
“If the icon doesn’t show up on your screen, which often happens with data harvesting applications, head over to your application settings and delete it from there.
“However, just deleting the app doesn’t mean you’re no longer infected.
“You need to run antivirus software on your device to ensure the malware is truly gone.
“You should also delete all junk files on your phone to remove any trace of the malware.”
#7 – Lock down your accounts
“Finally, you should change all of your passwords, and consider implementing multi-factor authentication wherever possible,” Grant recommended.
“Implementing MFA will ensure that should you fall victim to a fake app again, the cybercriminal behind it won’t be able to access your account.
“The best providers will allow for single-step MFA, which gives you all the protection of traditional MFA, but without having to faff about with SMS or email codes.”