Android fans have been put on alert and warned about a password risk involving smartphones using the hugely popular Google mobile OS.
More than 50 malicious apps designed for kids as colouring apps or games found on Google play has no functionality other than displaying interstitial ads that cover the entire device screen.
Mobile security researcher Lukas Stefanko identified the malicious app and reported to Google Security team, now most of the apps have been removed but few are still available to download.
Another set of fake finance apps was found by Antivirus & Internet Security Solutions company ESET South Africa and finance apps.
ESET South Africa said in a statement: “The apps have impersonated six banks from New Zealand, Australia, the United Kingdom, Switzerland and Poland and the Austrian cryptocurrency exchange Bitpanda. Using bogus forms, the malicious fakes phish for credit card details and/or login credentials to the impersonated legitimate services.”
Once these malicious apps installed and launched it displays error and hides from user view and continues to run the background.
The malicious fakes were uploaded to Google Play in June 2018 and were installed more than a thousand times before being taken down by Google. The apps were uploaded under different developer names, each using a different guise, however, code similarities suggest the apps are the work of a single attacker. The apps use obfuscation, which might have contributed to their slipping into the store undetected.
Android smartphone users have been put on alert about a risk affecting devices. Android is one of the most used pieces of software in the world, with over two billion devices using the Google mobile OS each and every month. These numbers are only going to be added more with the upcoming release of high-profile Android devices like the Pixel 3, Pixel 3 XL and OnePlus 6T.