Scammers are tricking Android users into installing a fake antivirus app that can drain bank accounts — how to stay safe


A new Android malware campaign is using social engineering and several other tricks to dupe unsuspecting users into installing malware capable of draining their bank accounts.

As reported by BleepingComputer, this particular campaign currently only affects Android phone users in Finland. However, it’s still a great example of the types of tactics and means hackers use to trick people into installing malicious apps.

According to Finland’s Transport and Communications Agency (Traficom), this attack begins with a text message that instructs the recipient to call a phone number. When they do, they are then instructed by a scammer on the other end to install a McAfee app for protection.

While you should never install any app someone coerces you to over the phone, the initial text messages in this campaign appeared to come from either banks or payment service providers using spoofing technology to make this request appear more legitimate.

Here’s everything you need to know about this new malware campaign and how you can avoid falling victim to it and others like it.

Sideloading malware

Instead of coming from the Google Play Store or another official app store, this fake McAfee app arrives as an Android APK file which needs to be sideloaded onto a victim’s phone. This is a major red flag and a clear giveaway that this is a scam since no bank or financial service provider would ever ask its customers to sideload an app.

Still, many Finnish users have fallen for this scam, with Traficom reporting that one victim lost over $100,000. In fact, this scam has gotten so bad that the financial service provider OP Financial Group published a separate alert on its website warning its customers about text messages impersonating banks or national authorities.

While the Finnish authorities didn’t name the malware strain being used in this campaign, BleepingComputer noticed that it resembled a recent Vultur banking trojan campaign from earlier this year.

This new Vultur variant uses a combination of smishing (phishing over SMS) and phone call attacks to convince potential victims to download a fake McAfee Security app. Sound familiar? It should, as this is almost the exact same attack scenario used in this new campaign.

If you may have accidentally installed this malicious app posing as McAfee, you should call your bank immediately to enable protective measures and restore your compromised Android phone to its factory settings. You will lose all of your apps and other data, but doing so will wipe the malware from your phone.

How to stay safe from Android malware


Android malware has the potential to completely upend your life if you’re not careful. This is why you want to be extremely cautious when installing any new app onto your smartphone.

Besides not sideloading apps, you also want to check the ratings and reviews of any app you download from the Google Play Store or other official Android app stores like the Samsung Galaxy Store or Amazon Appstore for that matter. Since reviews and ratings can be faked, I always recommend that you also look for video reviews so that you can see the app in question in action before installing it.

When you do install a new app, pay careful attention to the permissions it requests. Malicious apps spreading malware often request unnecessary permissions as a means to gain control over your phone. For instance, a simple utility app like a calculator doesn’t need access to your photos or the ability to see your contacts. As for which permissions are an immediate red flag, Accessibility Services is a permission that’s often abused by malicious apps as it gives the hackers behind them near total control of your phone.
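For readers comfortable with a command line, the same permission check can be run on an APK file before it ever touches a phone. The script below is an added example, not code from Traficom, BleepingComputer or McAfee: it reads a decoded AndroidManifest.xml (assumed to have been extracted beforehand with a tool such as apktool) and lists the sensitive permissions the app requests and any Accessibility Service it declares. The sample manifest, its package name and its service name are made up for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"              # android:name
PERMISSION = f"{{{ANDROID_NS}}}permission"  # android:permission

# Permissions worth a second look in an app that claims to be a simple
# utility or security tool (an illustrative selection, not an official list).
SENSITIVE = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.REQUEST_INSTALL_PACKAGES",
}
# A service protected by this permission is an Accessibility Service.
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def review_manifest(manifest_xml):
    """Return (sensitive permissions requested, accessibility services declared)."""
    root = ET.fromstring(manifest_xml)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        requested.update(e.get(NAME) for e in root.iter(tag))
    services = [s.get(NAME) for s in root.iter("service")
                if s.get(PERMISSION) == A11Y_BIND]
    return sorted(requested & SENSITIVE), services


# Constructed sample: a made-up "security" app, not taken from a real APK.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakesecurity">
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission android:name="android.permission.READ_SMS" />
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW" />
  <application android:label="Security">
    <service android:name=".ScreenHelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE" />
  </application>
</manifest>"""

if __name__ == "__main__":
    perms, services = review_manifest(SAMPLE_MANIFEST)
    print("Sensitive permissions:", ", ".join(perms) or "none")
    print("Accessibility services:", ", ".join(services) or "none")
```

An Accessibility Service is not malicious on its own, since screen readers and password managers use one too, so treat a hit as a reason to look closer rather than a verdict.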

As it comes pre-installed on most Android phones, you also want to make sure that Google Play Protect is enabled as it scans all of your existing apps and any new ones you download for malware. For extra protection though, you might also want to consider installing one of the best Android antivirus apps as they often come with additional security features like a VPN or password manager.

Scammers and hackers are going to keep coming up with clever new ways to infect users with malware as companies like Google and law enforcement agencies grow wise to their tricks. As such, it’s up to you to be careful online and not let your emotions get the best of you when dealing with text messages or other communications sent from unknown senders or even people posing as someone they’re not.


Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.