Google issues urgent Android alert: Don’t download another app until you’ve read it

We use your sign-up to provide content in ways you’ve consented to and to improve our understanding of you. This may include adverts from us and 3rd parties based on our understanding. You can unsubscribe at any time. More info

Billions of Android users could be at risk from a nasty new attack that’s so serious even Google is concerned. The new threat, called Hermit, is targeting users via fake applications that have the ability to take full control of a phone with hackers then able to read text messages, see call logs, steal photos and even redirect telephone calls to another number. The original threat was spotted by the team at Lookout with Google now confirming that it is actively monitoring the bug and informing users if they’ve been targeted.

To get this terrifying malware onto Android devices, hackers are using clever new ‘drive by’ tactics including sending fake text alerts that suggest social media accounts need updating to continue using them. These applications look just like the real thing but once downloaded they soon begin infecting the phone with the Hermit virus.

Another more worrying attack, spotted by Google, physically switches off mobile data connectivity with a message then sent telling the phone owner to download a file which will fix the issue and get things reconnected. With hackers using these types of tactics it’s easy to see how unsuspecting users can be caught out. 

Explaining more about the bug the team at Lookout said: “Hermit pretends to come from legitimate entities, namely telecommunications companies or smartphone manufacturers. To keep up this facade, the malware loads and displays the website from the impersonated company simultaneously as malicious activities kickstart in the background.”

It’s worth noting that the Hermit bug has not been found on Google’s Play Store with cyber thieves relying on users downloading apps and files from the web to infect them.

Google says it has now updated its Play Protect service and is working to secure its operating system from further attacks which have so far many taken place in areas including Italy and Kazakhstan.

Nearby Share: Android explain how mobile users can use feature

In a post on its security pages, the firm said: “This campaign is a good reminder that attackers do not always use exploits to achieve the permissions they need. Basic infection vectors and drive by downloads still work and can be very efficient with the help from local ISPs.

“To protect our users, we have warned all Android victims, implemented changes in Google Play Protect and disabled Firebase projects used as C2 in this campaign.”

This attack highlights the issue of downloading files from unofficial sources – something that’s never a good idea unless you 100 percent sure the file is genuine.

Along with Android users, Google has also spotted a similar attack that could infect those with an iPhone in their pocket as well.

A total of six security issues have been found with two of them getting the dreaded zero-day rating which means they may be being actively exploited.

Apple is already thought to be working on a fix.

Lookout has also posted guidance on how to avoid becoming a victim of Hermit on its website with advice including:

• Update your phone and apps: operating systems and apps will often have vulnerabilities that need to be patched. Update them to ensure the exploits are resolved.

• Don’t click on unknown links: one of the most common ways for an attacker to deliver malware is by sending you a message pretending to be a legitimate source. Don’t click on links, especially when you don’t know the source.

• Don’t install unknown apps: exercise caution when installing unknown apps, even if the source of the app seems like a legitimate authority.

• Periodically review your apps: sometimes malware can change settings or install additional content to your phone. Check your phone periodically to ensure nothing unknown has been added.

Source: Read Full Article