Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials
May 10, 2024
Cybercrime / Banking Fraud
Malicious Android apps masquerading as Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter) have been observed to steal users' credentials from compromised devices. "This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their devices," the SonicWall Capture Labs threat research team said in a recent report. The distribution vector for the campaign is currently unclear. However, once the app is installed on the users' phones, it requests them to grant it permissions to the accessibility services and the device administrator API , a now-deprecated feature that provides device administration features at the system level. Obtaining these permissions allows the rogue app to gain control over the device, making it possible to carry out arbitrary actions ranging from data theft to malware deployment without the victims' knowledge. The malware is designed to establish connections with a comman