Such app stores are not as safe as we are led to believe. Time to brush up on mobile cyber hygiene!

Last week, two Android applications in the Google Play Store were found to be malicious. One was called “Smart TV remote” and the other was an innocent-sounding game called “Halloween coloring”.

Both applications had been laced with the Joker, a well-known malware variant that focuses on compromising Android phones. The Joker is designed to spy, steal information, and monitor phone messages. 

Although every cybersecurity advisory recommends that we download apps only from “official app stores”, this incident, like many before it, has shown that Google is fallible.

Follow cyber hygiene practices!

How should smart phone users—regardless of their phone’s operating system—protect themselves against cybercriminals and fraudsters who manage to constantly outwit app store defenses?

According to Boris Cipot, Senior Security Engineer, Synopsys Software Integrity Group, even though there are safeguards in place in the Google Play Store to protect Android users against potentially unwanted or malicious apps, we should never place all of our trust in these measures.

“Google has some ways of checking that applications are not immediately dangerous or harmful for their users and their devices. However, criminals will always find a way to get past those safeguards, even if just temporarily. Once the malicious intentions and harmful behavior of an app are discovered, it would have been too late for many of the users.”

Cipot proffered the following standard overarching cyber hygiene practices to reduce vulnerability to malicious apps:

  • Be very suspicious of any app when downloading from app stores
  • Check when the app was published and how long it has been on the app store
  • Check what users are saying about the app and be on the lookout for fake reviews
  • Make sure that you also use anti-malware protection software on your device. Even if the software does not detect the latest malware right away, it can still help you to see if an app has too many permissions on your device and flag it as suspicious

In the case of the Joker and fraudulent trojan malware that steals the two-factor SMS authorization code for signing up to ‘premium rate services’ delivered via chargeable SMS messages (examples are chat-line services, TV voting services, donations to charities or services offering content download links), find out from your mobile service provider how to bar your number from such services.