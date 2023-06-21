



By Divya Bhati: Google Play is one of the world’s largest app stores, with over 3 million app downloads. The Android app store, operated by Google, is also a prime target for hackers looking to spread malware, due to its huge selection of apps and huge user base. In a recent discovery, cybersecurity researchers detected several suspicious malware-infected apps on Google Play. These malicious apps can be used to steal sensitive information from users’ mobile phones and launch other cyber-attacks.

Researchers at cybersecurity firm CYFIRMA have warned Android users about the apps currently available on Google Play. The apps in question, namely nSure Chat and iKHfaa VPN, are listed with the developer name “SecurITY Industry”. The apps are infected with spyware designed to steal sensitive information from users’ phones, researchers say. Additionally, these apps were found to be used by state-sponsored hackers as a means of gathering information from targeted devices. This information includes location data and contact lists of affected users.

A report by Cyfirma, a Singapore-based cybersecurity firm, traces the infected apps to a dangerous hacking group known as “DoNot.” The group is believed to be state-sponsored and has been carrying out targeted attacks against high-profile organizations in Southeast Asia since 2018. “Further technical analysis has revealed that the app has malware characteristics and belongs to the notorious Advanced Persistent Threat Group, ‘DoNot’. It recently targeted individuals in the Kashmir region. Recent observations have found the threat actor using his Android payload against individuals in the Pakistan region, but it is still unclear what drives them to commit cyberattacks in the South Asia region. Read the CYFIRMA report.

How spyware apps steal user data

The report explains that malicious apps request sensitive permissions from users during installation. These permissions include access to your contact list, precise location information, and more. When given permission, the app collects data and sends it to hackers.

Cyfirma analysts also found that the malicious VPN app’s code base was copied from the legitimate Liberty VPN service. This means that a malicious app is essentially a copy of a legitimate app with malicious code added to it.

Do not install these apps from Google Play

Do not install the two apps nSure Chat and iKHfaa VPN from Google Play. If it is already installed, the user should remove it immediately. Both apps are now available for download on Google Play. nSure Chat has over 100 downloads, but iKHfaa data is not available.

How to protect yourself from spyware

First and foremost, never download any app that looks suspicious or is marked as malicious. However, it should also be noted that the hacker also sent links to these apps through his WhatsApp and Telegram. Therefore, never click on such links. Additionally, here are some tips you should follow to protect your device from malware.

Choose a reputable antivirus program and keep it up to date. Scan your device regularly to detect and remove spyware and malware. Only download apps from official app stores such as Google Play Store and Apple App Store. Read user reviews and check app permissions before installing. Avoid downloading apps from unknown or untrusted sources. Keep your operating system, software, and apps up to date. Developers often release updates to patch security vulnerabilities and protect against spyware. For convenience, enable automatic updates. Be careful when granting permissions to apps. Consider whether your app really needs access to certain sensitive information, such as contacts, camera, or location. Deny permissions that you think are unnecessary or questionable. Enable and configure the firewall on your device to monitor and block unauthorized network connections. This helps prevent spyware from communicating remotely with her server.

