As smartphone and tablet usage continues to rise and the number of available apps for these devices proliferates, so does the number of cyber criminals targeting unsuspecting users with malware disguised as legitimate apps. Third-party app stores offer these hackers an avenue to deliver their malicious apps to those who are unaware of the risks of using unofficial app sites. Before downloading anything, all smartphone and tablet users should be aware of the dangers of third-party app stores to help them avoid becoming the unsuspecting victims of hackers.
A newly-uncovered fraudulent Netflix app perfectly illustrates the serious potential issues with third-party app stores. Researchers at information security company Zscaler found malware hidden within an unauthorized Netflix app currently circulating on third-party app stores. Once downloaded, an app with the real Netflix logo icon will appear on the user’s phone or tablet. When the user attempts to open the app, the icon will disappear as though the app were uninstalled from the device. Rather than disappear, however, the downloaded app has actually installed a Remote Access Trojan (RAT) which allows hackers to completely take over the device.
With the access that the RAT provides, hackers are able to copy files from the infected device, access the phone’s contact list and read every text message. This malware even allows hackers to control the smartphone or tablet’s microphone and camera, giving those responsible for the malicious app the ability to record conversations or take pictures and video without the device’s owners knowledge or consent. In short, a device infected with a RAT puts your financial information, passwords and privacy at risk.
While this particular malware has only been found in the fraudulent Netflix app so far, other fake versions of real apps disguising this malware could start showing up on third-party sites. The best way avoid the threat of malicious apps is to stay away from third-party app stores altogether. Official app stores like Apple’s App Store and the Google Play service do a much better job of checking the apps offered through their sites, making malicious apps rare. Not all apps on third-party sites are malware, but these sites’ standard of care for checking apps is much lower than that of official services, allowing scammers easy access to victims.
If you insist on using third-party app stores, do your due diligence before downloading anything. Verify that the app developer’s name is correct through a quick Google search; many scammers try to offer fake versions of real apps using a copycat developer name. Read other users’ reviews of the app and see if there are any expert reviews available. If anything in any review indicates that the app is fraudulent or faulty, stay away. Lastly, make sure that your smartphone or tablet is updated with the latest operating system and security patches aimed at protecting your device from recently-discovered malware threats.