I hope you have heard of the most recent 11 apps removed from Google Play Store. In case you don't know, those are just another set out of a long list of 97 or more apps banned by Google Play admin in recent months. The wave of bans is due to recent discoveries showing that malicious software were being stolen into apps submitted to Play Store unknown to Google watch-dogs. Now, since the Google Play Store houses only Android apps, it means that those malicious software are targeted at Android users (including YOU if you use any device that runs on Android):
One Of The Threats Noticed Targets Users' Bank Accounts
In many of these cases (including the most recent case), the Android apps were found to hide a very dangerous trojan malware known as Joker. Why is Joker considered a special kind of threat among other cyber-threats? It's because it targets the bank accounts of its victims. This is how Joker does that: According to the famous cybersecurity publication Threat Post , "Joker is a billing fraud family of malware that first emerged in 2017, but started appearing in earnest in 2019. It advertises itself as a legitimate app, but once installed, it infects victims post-download to steal their SMS messages, contact lists, and device information as well as also stealthily signing them up for premium service subscriptions that could quietly drain their wallets" (emphasis mine).
Did you get that? It is "a billing fraud family of malware". Then, what does that mean too? It means that it affects its victims by "stealthily signing them up for premium service subscriptions". In case you are yet to understand this still, it means that Joker would steal your sensitive bank-related information from your device (such as your credit card - ATM card - details). Then, it would use those details to pay for recurring subscription services by pretending to be you. In order words, from time to time, your bank account would be charged for what you don't know about. Joker can even receive SMS on your behalf and steal any information it bears. Of course, this sounds like Joker can also receive an OTP notification for you since an OTP is basically an SMS message.
Joker Coninues To Re-Emerge From Time To Time
According to Aviran Hazum who is the Manager of Mobile Research at the cybersecurity firm Check Point, "Joker adapted. We found it hiding in the essential information file every Android application is required to have". Aviran made the statement in July 2020 after his company burst the threat that led to the latest bans on Google Play Store. What the expert means by saying that "Joker adapted" is that it has changed from how it operated way back in 2017 through 2019 when it was recently found in July 2020. It therefore means that the criminal programmer behind the infamous software keeps adding new codes to it that makes it able to wreak worse and worse havoc and evade new security provisions as time goes on. This becomes a strong reason why you need to do something really serious about staying safe from Joker and other malicious software targeted at Android users via Google Play Store.
What Are You Supposed To Do About It?
First, I would advise you not to panic about it. What you need is knowledge rather than fear. You may have heard of the 2020 Twiter Bitcoin Scam hack attack that targeted the Twitter accounts of big dogs like Jeff Bezos, Apple, Elon Musk, and Barack Obama between 20:00 and 22:00 UTC on July 15, 2020. That means that just anyone can be a victim of a cyber incident. But then, that also means that a cyber incident should never be taken as the end of the world - even if it is. Well, the major reason why a cyber incident should not get you too upset is that there is always a way around such issues. So, you should focus more on getting the right information always rather than letting fear drain the life out of you.
So, what should you do in the case here under discussion? The first step you must take is to make sure that none of those apps banned by Google is still left in any of your Android devices. If you see any app in your device that sounds like any of them, I advise you to uninstall it. Then, if you still need that type of app, go back to Google Play Store to reinstall it (See The Full List of the apps removed from Google Play Store here).
After uninstalling the app, the next step you must take is to go to your bank and ask them to check if you have any subscription entered into with your credit card (ATM card). Tell them why you came to do that (you were advised by a security expert to do so and why). After checking, if there is any such subscription done on your behalf that you know nothing about, unsubscribe from it. Did I even need to tell you that?
Next, change the PINs and passwords used for accessing your bank account including any email associated with your bank account (remember that Aviran Hazum revealed that Joker keeps re-emerging with new characteristics). So, change the password that may already be in the know of a criminal somewhere.
What If You Don't Even Have Money In Your Bank Account Right Now - Should You Care?
Often times, when an issue like this is reported, there is a set of people that would always want to brush it off with one flimsy reason or the other. One such likely reason is "after all, no one knows me" or "how much do I even have that someone would be interested in stealing?". In case you are thinking in this manner, please permit me to shock you by letting you know that these days, it's not just your money that can be targeted. Instead, your details can be stolen and used to steal or commit some other crimes, thereby putting you into trouble either in the present or some time in the future (imagine your email getting used to send scam messages that resulted in FBI flagging the email account. Then, imagine filling a visa form with that email account in a year's time and your form submission sets off an alarm at a local police unit!).
So, should you care? Yes, absolutely. And what are you supposed to do? That is talking about the general precautions that everyone should take regarding the situation. First, make sure you have one of the major security software installed on your devices (such as Bitdefender Total Security, Kaspersky, Norton360, Webroot Internet Security Plus, Trend Micro Maximum Security, Avast Ultimate, McAfee Total Protection, ESET Smart Security Premium, Panda Dome Advanced. Bullguard Premium Protection, Avira, AVG, et cetera). You can see that I took time to list all these out because of how important I consider this point of this article.
Lastly, I would advise everyone to prefer software services that are cloud-based to those that are based on downloadable apps. Admittedly, the great free services we get from a flurry of Google Play Store apps can easily become too attractive to forsake. But, like many free things, there are perks that they hide just like the Trojan Horse. In fact, they are a part of phishing practices ('phishing' is internet's form of 'fishing' where baits are used to attract people in order to hook them through their devices and online accounts). So, let's discipline ourselves by not always jumping at any free app we see from just anywhere. Lastly, you can very well trust that Google got your back in all these.
Content created and supplied by: iGube (via Opera News )
Opera News is a free to use platform and the views and opinions expressed herein are solely those of the author and do not represent, reflect or express the views of Opera News. Any/all written content and images displayed are provided by the blogger/author, appear herein as submitted by the blogger/author and are unedited by Opera News. Opera News does not consent to nor does it condone the posting of any content that violates the rights (including the copyrights) of any third party, nor content that may malign, inter alia, any religion, ethnic group, organization, gender, company, or individual. Opera News furthermore does not condone the use of our platform for the purposes encouraging/endorsing hate speech, violation of human rights and/or utterances of a defamatory nature. If the content contained herein violates any of your rights, including those of copyright, and/or violates any the above mentioned factors, you are requested to immediately notify us using via the following email address operanews-external(at)opera.com and/or report the article using the available reporting functionality built into our Platform See More