Categories: Security

New Android Malware Mimics Common Apps

The newest sensation sweeping European nations isn’t quite as fashionable as pantsuits or as tasty as flakey milk chocolate; it is a new piece of Android malware that is gaining ground in countries like Denmark, Italy, Germany, and Austria. This software takes over apps like Uber and Google Play by mimicking their familiar user interfaces and tricking users into inputting confidential information.


This malware functions by using a particular SMS phishing scheme that sends out links in SMS messages to trick recipients into installing it on their devices. These links have gotten increasingly more deceptive, as some messages are as simple as “We could not deliver your order. Please check your shipping information here.” After a user clicks on the given link he/she has, unknowingly, given the malware access to monitor and manipulate the device.

Once users have clicked on the link, the malware tracks which apps are used most frequently and which are running in the background. If one of those apps (usually WhatsApp, Uber or Google Play) is launched, the malware overlays a phishing page on top of it and then asks the user to input his/her information. The problem is, the overlay is often “nearly identical” to the original app so it can be very challenging for users to recognize. This overlay is very deceptive because the UI screen is only created when the app is launched, emulating the actual app’s appearance in real time. In this way, the malware can persuasively convince users to input confidential information which then gets sent to the C&C servers.


While mobile banking apps and other financial apps used to be targeted for access to credit cards and other monetary information, the malware is now mimicking more common apps like WhatsApp, WeChat, Uber, Facebook, and Viber. Because the malware is accessing more “benign” apps, people are less suspecting these apps will jeopardize their financial information.

Perpetrators have also used a number of URL shortening services that make the malware harder to detect. FireEye claims that the 30 shortened URLs used to direct users to the malware have been clicked more than 160,000 times. However, the use of these shorteners has made it possible for experts to establish how many different Android devices could possess the malware (Hint: It’s a lot).

Although this malware is adeptly bypassing Android’s security features, there are a few precautions you can take to make sure that your device is safe. The first is to simply make sure you’re not clicking on links that are from unknown sources or contain vague messages. Be cautious when opening any new text messages or emails. You can also download a supplementary security system, like PSafe Total, for extra assurance that your device is secure. PSafe Total can detect the newest types of malware and give your Android devices unparalleled protection against whatever cybercriminals have in store.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.

Recent Posts

Vulnerabilities in Cyber Security: what they are and how to fix them?

Learn all about one of the hackers' favorite breach method and keep your company safe…

1 year ago

3 ways to recover deleted photos on Android

Have you ever wondered how to recover deleted photos on Android? After all, the lack…

1 year ago

What is worm?

Digital worms are among the most serious threats in the wild kingdom of the Internet.

2 years ago

Spoofing: What’s it all about?

Spoofing is a fairly sophisticated virtual scam that can fool even the most cautious and…

2 years ago

Careful With That QR Code! Five Steps For QR Code Safety

Five Steps to Reduce QR Code Risk! Step one? Read this article…

2 years ago

Pharming: Phishing’s Nasty Big Brother

Pharming is creating a new, dangerous brand of impostor syndrome. Check how to avoid pharming…

2 years ago