According to the most recent detection statistics compiled by Dr. Web antivirus for Android, more than two million users were duped into installing and utilizing apps that were backdoors for malware, phishing, and adware. These apps masqueraded as rewards apps, utilities, or system optimizers, but caused device performance issues, advertisements, and other malware. Even though many of the reported high-risk apps have been removed from the Google Play Store, you should still remove these apps from your device.
These apps are shells for a module that receives instructions via Firebase Cloud Messaging and then loads websites in the browser to display advertisements.
Another highlighted app is Tubebox, where users can earn money by watching videos and advertisements. Users are promised coins or coupons that can be exchanged for real currency and withdrawn via a variety of payment methods. However, the app fails to pay its users by notifying them of errors, but it encourages them to continue watching videos and advertisements to continue earning while the issues are resolved.
Dr. Web also discovered several apps posing as Russian banking or investment organizations, or even directories or survey programs, but which were loan scams. Cybercriminals asserted that users could learn to invest to make profitable investments and trade natural gas. In reality, these fake apps loaded specially crafted websites designed to trick users into participating in fraudulent surveys, registering accounts, and submitting applications so that their personal information could be harvested.
Again, we cannot stress this enough: if you suspect that you may have installed a malicious app, please delete it immediately. In the future, if an app you want to install seems suspicious or too good to be true, you can examine reviews and the developer’s website for indications of paid comments, pre-written content, and other red flags. Almost always, however, it is best to err on the side of caution and trust your instincts.
