Millions of users have been warned not to delete dangerous apps immediately.
Another warning has been issued for users to delete “dangerous” apps on their phones, after security researchers discovered a worrying number of malware-filled financial apps installed on millions of devices. If you have any of the apps listed below, delete them immediately.
When it comes to the Apple versus Google duopoly, whose ecosystems dominate the global smartphone industry, the key difference remains choice versus security. Apple is closing the doors to its walled garden, as much as it can, limiting one billion users to its App Store and the option of its default messaging platform among other things. Google takes a different approach.
“We’re trying to strike a balance,” Sundar Pichai explained last month, citing the Play Store versus Apple’s App Store as an example. “We believe in choice, so on Android we allow you to download and install additional apps.” But he then went on to warn users that this is like a seat belt in a car, and we are adding protections so you can use it safely. But, as with seat belts, risks remain.
And so we’ve seen it again here, with the latest warning about apps with malware evading Google’s safety belt and showing up in the Play Store, as well as in more brutal third-party app stores.
ESET researchers found some dangerous apps on the Apple App Store as well, although they were more prevalent on the Google Play Store. But Apple users should also check their devices.
“Since the beginning of 2023,” says Lukasz Stefanko of ESET, “[our] Researchers have observed an alarming growth in scam Android loan apps, which present themselves as legitimate personal loan services and promise quick and easy access to funds.
ESET called these dangerous apps “SpyLoan,” warning that all of the apps “are marketed through social media and SMS, and are available for download from scam websites and third-party app stores. All of these apps were also available on Google Play.
The apps originate from the same source and work identically once installed, regardless of the store they were downloaded from. The apps had already targeted multiple countries by the time ESET issued its warning, though not yet in Europe or the US. But US and European users with connections in those targeted countries, especially when they use overseas numbers, could be at risk.
The apps are designed to steal sensitive personal information, including account details, messages and contacts. ESET has passed details of 18 such apps on the Play Store to Google, with all but one removed. But not before these apps had more than 12 million downloads.
If you have any of these 17 apps on your phone (list provided by PhoneArena), obviously delete them immediately and you are advised to change your device passcode, WiFi password, and passwords for your major financial accounts. You should also monitor suspicious activity, emails, or other messages you receive for some time to come.
- AA credit
- Omar Cash
- Guayaba cash
- EasyCredit
- dinner
- Credit Bus
- FlashLoan
- LoansCredit
- Credit Loans-YumiCash
- Go credit
- Instant loan
- Large wallet
- Fast credit
- Finupp Lending
- 4S cash
- Tru Neera
- Easy Cash
But these 17 specific apps aren’t really the problem, but just the latest example of sophisticated malware targeting the smartphones that guard the gate throughout our lives and access all of our important information and our most sensitive information.
The real issue is one of balance, going back to Pichai’s perspective on choice. How we value choice versus privacy and security. And as Apple comes under increasing pressure to dismantle some of the high walls around its trillion-dollar garden, what unchecked consequences will be for the billion-plus user base that has come to rely on Apple’s defenses to a greater or lesser extent.
Apple has acknowledged that it will make some App Store concessions following EU regulatory pressure in particular, as it has done in recent weeks over iMessage’s inability to play well with Google’s alternative. But, as with iMessage, how Apple implements the change will be critical.
The compromise on iMessage appears to be parallel coexistence rather than deep integration, with RCS being adopted alongside Apple’s platform rather than within it. It seems likely that Apple’s nod to third-party app stores will follow a similar path, with deep-rooted comprehensive controls that go beyond Google’s more freewheeling approach to the Play Store.
Google has come under fire for the apparent ease with which its defenses can be compromised, prompting it to launch the App Defense Alliance, bringing security research into the fold. Under this arrangement, ESET identified and flagged SpyLoan applications.
Google has provided guidance for Android users regarding signs their devices may have been compromised, listing the following symptoms – and users are advised to take note:
Device symptoms:
- Alerts about the presence of a virus or infected device
- The antivirus software you are using no longer works or works
- Significant decrease in the operating speed of your device
- A significant and unexpected decrease in storage space on your device
- Your device stops working properly or working completely
Browser symptoms:
- Alerts about the presence of a virus or infected device
- Pop-up ads and new tabs that won’t go away
- Unwanted Chrome extensions or toolbars keep coming back
- Your browsing seems to be out of your control, redirecting to unfamiliar pages or ads
- Your Chrome home page or search engine keeps changing without your permission
Other symptoms:
- Your contacts received emails or social media messages from you, but you did not send the emails or messages.
If any of the above appears on your device, Google’s advice is as follows:
- Make sure Google Play Protect is turned on
- Check for Android device and security updates
- Get the latest Android updates available to you
- Get security and Google Play system updates
- Remove untrusted apps (i.e. from outside the Play Store or no longer in the Play Store)
- Run a security scan
But despite this advice and its various initiatives, the Google Play Store remains more malware-ridden than its Apple counterpart. Until now, there has been no standard by which to judge Google’s security efforts. But with Apple’s move, all that may be about to change. If the iPhone maker can open the door to third-party app stores without massively weakening its defenses at the same time, Google will inevitably be under pressure to deliver better for Android users.
This wouldn’t be a bad thing for the millions of users infected with SpyLoan and other malware.
Google Android and Apple iPhone have millions of apps available for download, but there are some that users need to steer clear of. A recent study has shown that several popular apps on both platforms have been found to track users’ personal data and sell it to third-party companies. In light of this alarming discovery, it is important for Android and iPhone users to be aware of these apps and take immediate action to protect their privacy and security.