Spotting malware in sideloaded Android apps will now be even harder

Security researchers have discovered a new platform on the dark web that allows cybercriminals to easily add malware to legitimate Android apps.

As reported by BleepingComputer, the platform has been dubbed ‘Zombinder’ by security researchers at ThreatFabric who came across it when investigating a malicious campaign distributing multiple types of malware for Android and Windows.

This campaign impersonates Wi-Fi authorization portals under the guise of helping users access internet points, but it’s actually used to push several different malware strains to unsuspecting users.

On its landing page, there are two download buttons: one for Android and one for Windows. If a user clicks on the “Download for Windows” button, they get malware designed for Microsoft’s operating system, and ThreatFabric has seen the Erbium stealer, the Laplas clipper and the Aurora info-stealer distributed this way. Meanwhile, the “Download for Android” button is used to distribute the Ermac malware onto vulnerable phones.

Adding malware to legitimate Android apps

Even though this malicious campaign is something to be aware of, Zombinder is much more interesting due to the potential impact it could have on the Android malware market as a whole. 

First launched in March of this year, Zombinder is a malware packer that can add malicious code to legitimate Android applications. In the time since its release, though, it has become increasingly popular among cybercriminals.

Unlike on the iPhone where you can’t sideload apps, APK files are used to install apps on Android without having to go through the Google Play Store or other first-party app stores. These files can be downloaded and installed on any Android phone, but you first need to enable the ability to install apps from unknown sources in your phone’s settings.

ThreatFabric’s researchers have observed a fake football streaming app and a modified version of the Instagram app being used by cybercriminals to spread malware that was embedded into both apps using Zombinder. What makes these altered apps particularly dangerous is that the creators of Zombinder claim their platform enables malware-embedded apps to bypass Google Play Protect as well as Android antivirus apps.

If you do download and install one of these apps, it will work as intended, but the Ermac malware will also be loaded onto your device, where it can log keystrokes, use overlays to steal your passwords, intercept two-factor authentication (2FA) codes and perform other malicious actions.

How to stay safe from malicious Android apps

The first and most important thing you can do to stay safe from malicious Android apps is to avoid sideloading apps unless it’s absolutely necessary. Sometimes you may have to sideload an app for work or to get a specific product to work, but besides that you shouldn’t be installing any app from unknown sources onto your Android smartphone. It may seem tempting but it’s not worth the risk, especially since so much personal data is now stored on our phones.

Instead of sideloading apps, you should only download new ones from the Play Store or other official app stores like the Samsung Galaxy Store or Amazon Appstore. Still, bad apps do manage to slip through the cracks from time to time which is why you should read reviews, check ratings, visit the sites of app developers and really do your research before installing any new app. At the same time, you should also carefully consider which apps you have installed on your devices. Do you really need this particular app, or can you use a stock app to accomplish the same thing?

Now that cybercriminals have an even easier way to add malware to legitimate Android apps, we’ll likely see even more attacks using modified versions of popular apps going forward.
