ScamApps - "Google PlayStore" Risks [Role of Thread Actors]

"Apps" makes our life easier. Apps (short form of application) is a kind of software, designed to use them on mobile devices or tablets rather than laptops or computer. We have a common place to access to all these apps, mostly free of charges while few have certain cost involved.

The way we go to malls for purchasing various goods or cloths, likewise we have a centralized app purchase store in the form of Google Play store. It houses millions of unique apps of different needs and purposes. From gaming, to music, to editing to any others needs of our daily uses. Before making these apps available to different users, Google Play team ensure safety of these apps after scrutinizing the different security level most of which get updated regularly by updating security patches and implementing changes. However, even after so many checks the apps can makes our mobile devices vulnerable to various "malware" attacks.
The security insurance allows any user to trust the apps and download them into their mobile devices.

But how secure these could be considering the scammers and cyber criminals have mastered the art of making hole anywhere??

image source

Scammers with criminal mind have multi ways to make use of these periodic updates to sneak malicious apps onto Google Play store and make things worse for the user. Some of the commonly downloaded apps that always contains a risk of malware include photo editing apps, file managers, games, music and video players as well as health tracking apps. These apps are the soft target, as users find them very common for their daily usages and these are available free of cost.

As per the reports:

In 2023, apps with malicious codes were found to have been downloaded more than 600 million times on Google Play

Recently, One of my relatives downloaded a music editing apps and in few days, he was scammed. His device's was hacked He was targeted multiple way from black mails to extortion. His mobile was compromised by the cyber criminals.

So whatever Google Play store apps does to ensure the apps safety, the scammers found their own way. In one of the bizarre incident that I was aware of was the case with irecorder.

iRecorder, a seemingly innocuous screen recording app, was found to have a hidden malicious functionality

Not many of you are aware but this app was uploaded into Google Play store in 2021. It was passed multi layer of security check by the play store moderation team. There was nothing suspicious about the apps. soon the apps get popularity and downloaded by many users. The scammers found the ideal time to attack. They updated the app with malicious functionality, through security updates or other functionality updates.

It was a good trick played down by the scammers to fool the Google moderation team and also the user base and soon started exploiting users by recording voices and through other means.

Threat Actors & Their Attacks

A threat actor, also called a malicious actor or bad actor, is an entity that is partially or wholly responsible for an incident that impacts – or has the potential to impact an organization's security.

The Thread actors create multiple fake developer accounts to upload apps on Google Play. They ensure to continue uploading malicious apps if one of their accounts is blocked by the moderators.
In beginning to develop the trust and to garner audience, the thread actors keep uploading seemingly unremarkable apps with simple functionality and no malicious code. It was trick made to pass through Google security check. Once the app is downloaded by a sizeable audience, and gets popularity the cybercriminals add malicious functionality in the app through an update. This was the case with "irecorder"

Img Source

Malware effects

The Malicious codes sent by the "Threat Actors" in in different apps can be used to access sensitive user data including files, photos, videos and device's location and cellular information they load spyware and record user voices and sensitive information. this tactics found to have been used by several apps including photo editor apps, GIF camera apps etc.

Safeguarding at you own.

The safety lies with us. Whatever the security team does to ensure safety at their level, it is important that the users too make their own precautions to prevents from any malware attacks and getting exploited. There are certain measure users can take to reduce the risks posed by any such apps.

• Carefully checking upon the "apps" details. It includes checking the details of the publisher. Like we have so many mirror website, the cybercriminals to clone popular apps and place them on Google Play under similar names, icons, and descriptions.

• Avoid the "app ratings". User generally develop a trust on any apps looking at the ratings. However cybercriminals are smart enough to inflate the ratings of an app to lure more users into downloading them.

• Avoiding downloading apps "non verified" apps from Google team.

• Avoiding the "greed" factor. Often the Scam apps promises rewards in lieu of downloading or completing certain tasks like writing reviews or viewing ads. This is easy way to scam users with fake money making promises.

• User should focus on going through the overall reviews of the app especially the negative reviews. This is just to ensure they are well aware with the problems faced by other users.

These are the few ways by which users can ensure safety and security. Making yourself fully aware of the risks involved of unwanted apps the user can ensure safety and prevent themselves from unwanted risks.

Peace!!

Namaste @steemflow

Posted Using InLeo Alpha