Topic: [Warning]: Android droppers in Google Play distributing banking and crypto trojan

legendary
Activity: 2212
Merit: 7064
I don't think it's a good way to install 3rd party source where you can download apps most of them actually have malware.
Where did you see I said someone should use these third party apps for installing Electrum?
I gave gradual steps for slowly removing Google from his smartphone, and some of these apps are just aggregating and installing directly from GitHub source (IzzyOnDroid).
However, downloading something from an official source doesn't mean much if you don't verify it, and most of the apps can't even be verified at all, so you have to trust some third party.
legendary
Activity: 1512
Merit: 4795
Google play store is literally the worst way to download sensitive applications, as they can very easily be phished, and even after reporting, it takes ages for them to be removed, only for new ones to pop up almost immediately.
Have you got an alternative?
That is just a good message passed to people that are newbies about google and their malware apps.

Downloading directly from the official site, or the official site will direct you to PlayStore, which is better than searching for the app directly on PlayStore and resulting in you downloading a malware app.
legendary
Activity: 2576
Merit: 1655
Very interesting that the Philippines' very own crypto exchange, coins.ph, is amongst the targets of this cyber group. But yeah, it seems Google Play is a free market even for these criminals to use and do damage to ordinary people. We need to be very vigilant about everything we download on Google Play. And yes, in our own little way, we can report these apps so that they will be taken down immediately.
hero member
Activity: 2520
Merit: 952
Google play store is literally the worst way to download sensitive applications, as they can very easily be phished, and even after reporting, it takes ages for them to be removed, only for new ones to pop up almost immediately.

Have you got an alternative?
sr. member
Activity: 910
Merit: 351
If you want to download apps safely then download them from the original source if you know that it's safe, like downloading Electrum directly from Electrum.org instead of downloading it on Google Play Store.
I also think this is the better choice. At the end of the day as long as you can verify the developer or the apk before installing it then it should be better than just blindly downloading and installing it. Play Store is really terrible with these malware apps, who knows when it will improve.
legendary
Activity: 3374
Merit: 3095
I was getting bored a few nights ago and had time to kill before going to pick the wife and kid and decided to what the hell, play some game, went for a puzzle type with a ton of downloads and reviews, and when to start, it needs GPS, camera, call, contacts and a ton of other permissions. Really? And this is one of those that announce you they are going to screw with you, what happens with others I don't want to even think, that's why if you have the $, go for Apple and only paid apps, Android and free apps launched a month ago are a recipe for disaster.


There are lots of apps on Play Store that always ask for permission for contacts, files, camera and, I think, most of the sensors. That is why I enabled the developer options to use "sensors off", to be able to disable all of them so no one is able to monitor my phone; even if I accept the permissions, almost all sensors, like camera and mic, will not work.
I'm using a Samsung S9+; I don't know if other phone models have the sensors off option in developer options.



A good first step is replacing g-store with Aurora Store, but it is best if you could use stores that have only open source apps, like F-Droid, Neo-Store, IzzyOnDroid, Droid-ify, etc., and even then be careful what you install.


I don't think it's a good way to install 3rd party source where you can download apps most of them actually have malware.

If you want to download apps safely then download them from the original source if you know that it's safe, like downloading Electrum directly from Electrum.org instead of downloading it on Google Play Store.

If it's open source then instead of downloading it in Google, build it from the source and download it, then install.
legendary
Activity: 2212
Merit: 7064
There are still some malicious droppers on Android apps that have been distributing banking trojans stealing info, including cryptocurrency wallets.
I wouldn't use a smartphone for holding any significant amount of Bitcoin, but it's best to stop using the Google store, or at least minimize the apps you are installing from that place.
Installing anything by searching the Google store is like installing or using anything you find with g-search, and we know these results are full of phishing scam links.
A good first step is replacing g-store with Aurora Store, but it is best if you could use stores that have only open source apps, like F-Droid, Neo-Store, IzzyOnDroid, Droid-ify, etc., and even then be careful what you install.


legendary
Activity: 1512
Merit: 4795
that's why if you have the $, go for Apple and only paid apps, Android and free apps launched a month ago are a recipe for disaster.
It is true that malware is rare on iOS if compared to Android, but the fact remains that iOS devices are not affordable to more people in developing countries, which makes Android the most sold in such countries. Also, going for iOS, it is still important to know much more about malware and how to avoid it, although people that do not know much about online attacks can be more favoured by having iOS devices, but we should know that people will still want to go for free apps. Some apps are just free, online wallet apps are supposed to be free, or not free on iOS?

Although Android is not recommended, there is no cheap, easy alternative like Linux on computers. I have used Android for years and nothing happened; if the sources of malware are known, they are still easy to avoid. An example is the Google PlayStore, which is the den of malware apps. Although I may still use it for well-known apps, like while downloading wallets like Trustwallet for testing (that wallet is closed source and not recommended), because the fake ones are easy to spot while just having few downloads, but the original one has millions of downloads, it is just still best going for downloading apps from the official websites.

I would advise against holding any sum in BTC you can't afford to lose on your phone, it's more like a lottery, in 99% of the cases you will not get infected or lose your money but when you do, you will lose everything.
Likewise all online devices, except if it is multisig in a way that the other signers are on other devices entirely, or like 2FA, meaning in a way that the 2FA app is on a different device entirely. With safe practice and having an extra layer of protection like 2FA, or best with multisig, can be helpful on online devices. Experienced people have different approaches to having a wallet on an online device which can still have good security. But having a single key wallet on online devices without 2FA on another device, that is dangerous. For single key wallets, cold storage is the best, or getting a reputed hardware wallet.
legendary
Activity: 2114
Merit: 2248
*to download everything.
That's the best advice, but it's the only way many know how to (especially for those that use Android devices). They need to find a way to stay safe regardless, and being security conscious would help to prevent the majority of phishing attempts.
People do not value data much and easily allow multiple permissions just to use a game or live streaming app risking their privacy and funds.

I would advise against holding any sum in BTC you can't afford to lose on your phone, it's more like a lottery, in 99% of the cases you will not get infected or lose your money but when you do, you will lose everything.
And 100% of people who use mobile devices as a means of storage hope they would not be the 1% who gets ripped off.

I personally keep a little amount for daily transactions on my mobile device, but no more than that. The frequency of transactions I make determines how much I leave in an address and how well I secure it.
legendary
Activity: 2912
Merit: 6403
Google play store is literally the worst way to download sensitive applications, as they can very easily be phished, and even after reporting, it takes ages for them to be removed, only for new ones to pop up almost immediately.

*to download everything.

I was getting bored a few nights ago and had time to kill before going to pick the wife and kid and decided to what the hell, play some game, went for a puzzle type with a ton of downloads and reviews, and when to start, it needs GPS, camera, call, contacts and a ton of other permissions. Really? And this is one of those that announce you they are going to screw with you, what happens with others I don't want to even think, that's why if you have the $, go for Apple and only paid apps, Android and free apps launched a month ago are a recipe for disaster.

I would be reporting and urge people to verify the authenticity of any app they download, especially to a device where they hold funds (fiat or Bitcoin).

I would advise against holding any sum in BTC you can't afford to lose on your phone, it's more like a lottery, in 99% of the cases you will not get infected or lose your money but when you do, you will lose everything.

Quote

This one was "developed" by a company that charges $260 for a racing 10 pixel game:
https://play.google.com/store/apps/details?id=arsalgames.mega.rikshaw.stunts&hl=en_IN&gl=US
Wtf!!!!
sr. member
Activity: 672
Merit: 416
Right from time, I don't get too involved with downloading apps from Google Play Store or app stores, as the case may be. It is safer to go through their official website and make a direct download from there. Many have been misled through Play Store by downloading the wrong apps from there; those centralized app stores consist of many kinds of malicious apps introduced with the aim of attacking users who download them in place of the intended ones. I've also experienced it before, and ever since, if I must download an app then it has to be from their original authenticated website and not from app stores or Google Play.
legendary
Activity: 2114
Merit: 2248
Google play store is literally the worst way to download sensitive applications, as they can very easily be phished, and even after reporting, it takes ages for them to be removed, only for new ones to pop up almost immediately.

I would be reporting and urge people to verify the authenticity of any app they download, especially to a device where they hold funds (fiat or Bitcoin).
hero member
Activity: 1414
Merit: 542
There are still some malicious droppers on Android apps that have been distributing banking trojans stealing info, including cryptocurrency wallets.

So I need the community to report these apps to stop those cyber actors.

Code:
https://play.google.com/store/apps/details?id=com.iatalytaxcode.app&hl=en_IN&gl=US

Code:
https://play.google.com/store/apps/details?id=com.all.finance.plus&hl=en_IN&gl=US

Code:
https://play.google.com/store/apps/details?id=com.zetter.fastchecking&hl=en_IN&gl=US

Quote
Targets

The new “Codice Fiscale” dropper discovered by ThreatFabric is configured to distribute Sharkbot payload to Italian users only, while the other “File Manager” dropper has Italy and UK in its configuration. At the same time, the payload delivered still has banks from Italy, UK, Germany, Spain, Poland, Austria, US, and Australia in its target list.

https://www.threatfabric.com/blogs/the-attack-of-the-droppers

And so I urge everyone to report, and if you have installed one of them, it's better to check everything and change your password, because you just don't know when these criminals are going to steal from your wallet.