Phishing apps posing as popular payment services infiltrate Google Play

Discussion in 'Off-Topic' started by Sefie, Apr 29, 2016.

  1. Sefie

    Sefie

    Joined:
    Jan 15, 2014
    Messages:
    947
    Likes Received:
    183
    Google’s efforts to police the Android app store—Google Play—are far from perfect, with malicious apps routinely slipping through its review process. Such was the case for multiple phishing applications this year that posed as client apps for popular online payment services.

    Researchers from security firm PhishLabs claim that they’ve found 11 such applications since the beginning of 2016 hosted on Google Play, most of them created by the same group of attackers.

    http://www.pcworld.com/article/3063...-payment-services-infiltrate-google-play.html
     
    Sefie, Apr 29, 2016
    #1
    1. Advertisements

  2. Sefie

    sparkster

    Joined:
    Aug 15, 2015
    Messages:
    139
    Likes Received:
    26
    Malware on mobile devices is something which I have warned about many times, including on these forums, and yet many people still seem to be of the opinion that they don't need an antivirus or security software on their mobile device. In reality, mobile devices are much more prone to attack and are much easier to be exploited by hackers or malware.
     
    sparkster, May 1, 2016
    #2
    1. Advertisements

  3. Sefie

    Sefie

    Joined:
    Jan 15, 2014
    Messages:
    947
    Likes Received:
    183
    Yeah, that is why I have an antivirus ;) Just in case, I've always said that when ti comes to most things it's better to be safe than sorry always. An antivirus is always a good idea, but just in case I never bank with my mobile.
     
    Sefie, May 2, 2016
    #3
  4. Sefie

    IcyBC

    Joined:
    Jul 12, 2015
    Messages:
    756
    Likes Received:
    116
    Those app reviewers are not doing a good job, fire them :) This is one of the reasons why I hate using my mobile phone to pay bills or anything like that. We can never be so careful as each day there will be more hackers, and more madness continue to surface!!
     
    IcyBC, May 6, 2016
    #4
  5. Sefie

    Novelangel

    Joined:
    Apr 29, 2016
    Messages:
    71
    Likes Received:
    11
    I never access personal information such as bank account balances on my phone, plus, I don't buy apps on play store. If I must download an app, it will be from the free resources and I don't provide google with a credit card number, even though they keep asking for it. I find it curious that google wants that information whether you actually buy something or not. It seems more logical to wait until you actually make a purchase before you update the credit card information. I have heard it said in the past that mobile devices are actually safer when it comes to viruses and malware... apparently that information was incorrect. I take it I should get me some kind of antivirus/malware protection for my phone? Any suggestions?
     
    Novelangel, May 12, 2016
    #5
  6. Sefie

    obliviousme

    Joined:
    Apr 26, 2016
    Messages:
    106
    Likes Received:
    5
    As far as i know, Apple doesn't allow any types of sketchy apps on the appstore, doesn't android have the same policy on their store? That's kind of alarming since everyone nowadays have their credit card information stored on their appstore/googlestore so it's way too easy for the malicious app developers to succeed on their agendas.
     
    obliviousme, May 12, 2016
    #6
  7. Sefie

    sparkster

    Joined:
    Aug 15, 2015
    Messages:
    139
    Likes Received:
    26
    In my opinion, Avast (either the free or paid version) is one of the best mobile Antivirus programs that you can get from Google Play. AVG is another popular choice and I think Malware Bytes is now also available on Android.

    True but with mobile devices there's really only so much they can do. For example, an app may function legitimately for a set period of time (say 3 months) and could then attempt to download malicious data in the background as an update. Or a future update could be applied to collect contacts phone numbers or to use your mobile to call a premium rate number in the background. Mobile devices have so many more functions which can be exploited than a computer does that it's really impossible to filter them all out or know about their background functions until they have been in use for a relevant period of time.
     
    sparkster, May 12, 2016
    #7
  8. Sefie

    obliviousme

    Joined:
    Apr 26, 2016
    Messages:
    106
    Likes Received:
    5
    You do have a point. I guess it all comes down to the subscribers, everyone will just have to be cautious of their online activities, that's the safest way in maintaining your security and privacy.
     
    obliviousme, May 14, 2016
    #8
  9. Sefie

    Novelangel

    Joined:
    Apr 29, 2016
    Messages:
    71
    Likes Received:
    11
    Malware Bytes is available on Android? That's excellent! I will have to search for it in the play store and see what I come up with. I've used it for years on my various computers without much trouble, except for the first computer I ever tried it on when I accidentally downloaded a virus instead of the malware program. I typed in malwarebytes.com rather than .org, or something like that and ended up having to get the real malware bytes to get rid of the stupid virus I received instead. It was a particularly nasty virus too, and almost wouldn't allow me to download the antivirus program, but I persevered and got the job done. However, that particular computer was never really the same again, even with the virus gone. :(
     
    Novelangel, May 15, 2016
    #9
  10. Sefie

    sparkster

    Joined:
    Aug 15, 2015
    Messages:
    139
    Likes Received:
    26
    Ah, those rogue malicious antivirus programs which pose as legitimate security software - they can be extremely annoying and eventually take over your entire system. You have to watch out for those, they'll just keep downloading more malware in the background. Yes, Malware Bytes is now available on Android from Google Play here: https://play.google.com/store/apps/details?id=org.malwarebytes.antimalware
     
    sparkster, May 16, 2016
    #10
  11. Sefie

    Novelangel

    Joined:
    Apr 29, 2016
    Messages:
    71
    Likes Received:
    11
    Thank you. I am downloading it now and installing it on my phone. Ah, there we go. It's scanning my phone right now and it just told me my device has security issues, but I don't think that's a major problem. It hasn't found anything yet on the full scan so I think I'm good to go. It's a new phone though, so probably not a problem yet as I haven't downloaded that much stuff yet.
     
    Novelangel, May 16, 2016
    #11
  12. Sefie

    IBMPC8088

    Joined:
    Feb 1, 2016
    Messages:
    371
    Likes Received:
    145
    This is why we can't have nice things. Every time a new platform or device or service is provided, the same types of people migrate to it and adapt some sort of mlm or scam to it or other sneaky thing that isn't honest and targets people to take advantage of them.

    This is yet another reason why I really feel people should know the hardware and software of everything they have in and out. It makes it harder for them to get one over on you and others if you are able to see and know exactly how a program should work reasonably on a device, and be able to notice things that are out of the ordinary or spoofs to the extent that you can stay safe (or at least safer) from it. They don't have to be developers but just know what is ok and what is dangerous by knowing what to look for.

    Usually, most of the phishing attempts from emails could be avoided if people only checked the x-headers first or went only to the official site for a bank to verify the information. The same could keep most people safe if they made sure to only install and use a mobile program from the verified provider for those only from a link on the official site that provies it.
     
    IBMPC8088, May 16, 2016
    #12
  13. Sefie

    Sefie

    Joined:
    Jan 15, 2014
    Messages:
    947
    Likes Received:
    183
    You read my mind, IBMPC8088. We just can't have nice things because of those idiots who want to take advantage of everything, just because they can. Those worthless leeches. They deserve a really hash punishment, if you ask me. There is nothing lower than stealing the hard earned money of a honest worked, specially in this way... shameful.
     
    Sefie, May 17, 2016
    #13
    IBMPC8088 likes this.
  14. Sefie

    Sefie

    Joined:
    Jan 15, 2014
    Messages:
    947
    Likes Received:
    183
    That is why I haven't bought anything on the Google store, I just don't like the idea of entering my personal as well as financial data in there. Too risky if you ask me D: Specially considering how unsafe the Google store is... so many malware apps! I actually read an article on this... how most of those flashlight apps are actually malware.
     
    Sefie, May 17, 2016
    #14
  15. Sefie

    Sefie

    Joined:
    Jan 15, 2014
    Messages:
    947
    Likes Received:
    183
    I actually think they do that so is more likely you will buy something out of pure compulsion ;) Pretty bad if you let your kid play with your phone as well. An yeah, you should always have an antivirus installed, specially if your device is an android based one.
     
    Sefie, May 17, 2016
    #15
    Novelangel likes this.
  16. Sefie

    Sefie

    Joined:
    Jan 15, 2014
    Messages:
    947
    Likes Received:
    183
    Yeah, I never use my mobile to pay for anything or access PayPal. Is not like I trust my computer is 100% safe (my credit card details were stolen after only one use), but it definitely is safer than my mobile. I've an Android based mobile... so I don't feel so safe, because there doesn't seem to be a clear distinction between legit and malicious apps... I mean, they said most flashlight apps are malicious. How come they are still around?
     
    Sefie, May 17, 2016
    #16
  17. Sefie

    sparkster

    Joined:
    Aug 15, 2015
    Messages:
    139
    Likes Received:
    26
    I did buy an app from the Google Play store for my daughter, that's the only app I've ever purchased. However, I later realized that my bank details were still held on the system so I removed them only to find out that the app I purchased for my daughter had been disabled. She now has to pay for it again if she wants to use it again which I think is stupid.
    Unfortunately I think this applies to most things in life. It's not just computers and the internet (although they may be more vulnerable). But even if real life people get scammers coming to their door, phoning them up, sending them mail, etc in a bit to scam them. Like you pretty much pointed out, it really all boils down to common sense, remaining aware and being careful who you trust.
     
    sparkster, May 17, 2016
    #17
    IBMPC8088 likes this.
  18. Sefie

    Novelangel

    Joined:
    Apr 29, 2016
    Messages:
    71
    Likes Received:
    11
    I do have malwarebytes installed now, but have yet to actually complete a scan on it. I get impatient waiting for it to finish twiddling its thumbs as it scans my little android phone and I end up turning off the scan, but so far nothing malicious has turned up, which isn't too surprising considering that my phone has only been in my possession about a month now. I had to chuckle at your idea of Google asking for c.c. info to try to compel us to buy something. :D Somehow that wouldn't surprise me at all. Luckily they let you skip over that process if you choose, but yeah, it would be awful if a young child went ahead and bought something off the play store without your knowledge. :confused:
     
    Novelangel, May 17, 2016
    #18
  19. Sefie

    Sefie

    Joined:
    Jan 15, 2014
    Messages:
    947
    Likes Received:
    183
    Yeah, they do it for that reason.. it's their ''subtle'' way to push you to buy things, I almost fall for that a couple times. I felt so tempted to buy that Plague Inc upgrade :( Back then they didn't prompt you to enter your card details when you first used the service. That was a while ago though.
     
    Sefie, May 25, 2016
    #19
  20. Sefie

    Novelangel

    Joined:
    Apr 29, 2016
    Messages:
    71
    Likes Received:
    11
    I'm very careful about what I will and won't purchase online. I figure I can live without paid apps on my phone. At any rate, that malwarebytes thing failed the next time I tried to scan my phone. It wouldn't even open so I just went ahead and uninstalled it. I'll look for something else I guess, but in the meantime I will try to be careful which sites I visit on my phone. I tend to guard my debit and credit card details fairly closely and seldom make online purchases, although they can be convenient and often more inexpensive than brick and mortar stores.
     
    Novelangel, May 25, 2016
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.