A New Reminder to Watch Which Apps You Download
As a general rule of thumb, it’s important to exercise caution when downloading apps onto your devices. Whether you’re using a PC for work, or a personal smartphone, malicious apps from your device’s marketplace can steal data and infect your system. This is great advice especially when looking at apps and software on various websites across the internet. These sites
As a general rule of thumb, it’s important to exercise caution when downloading apps onto your devices. Whether you’re using a PC for work, or a personal smartphone, malicious apps from your device’s marketplace can steal data and infect your system.
This is great advice especially when looking at apps and software on various websites across the internet. These sites will happily let you download their programs, but as there is very little regulation or control in this process, you run the risk of installing something nefarious on your device. That’s why companies like Apple and Google always recommend you download your apps through their official app stores, since they have their own process for vetting developers.
But this system isn’t foolproof: While downloading apps from the Google Play Store is generally more secure than downloading programs from random websites, there is still a risk those Play Store apps aren’t what they advertise themselves to be. Unfortunately, it’s become all too common to see stores in the news about apps purporting to offer a legitimate service, only to find these programs siphoning your data to some remote server, or using your device’s resources to mine bitcoin.
Malware like Chameleon hides within “legitimate” apps
The latest example of this type of activity comes to us from the banking malware Chameleon. This malware started in Australia and Poland, but was recently seen targeting users in Italy and the U.K., indicating the malware may be spreading throughout Europe.
When downloaded, Chameleon tricks users into giving the malware Accessibility permissions. Usually, Android 13 and Android 14 users don’t have to worry about this type of attack, since the new “Restricted setting” blocks malware from performing malicious activities on your device’s screen. But if you follow Chameleon’s on-screen prompts to allow it permission, it has the ability to perform these actions.
Chameleon uses its permissions to Android’s accessibility service to steal your data, as well as engage in overlay attacks—a form of attack in which a malicious program displays its contents on top of another apps, perhaps legitimate.
Malware like Chameleon hides in “legitimate” apps. When you download and install these apps on your device, like an Android smartphone, the malware can get to work in the background, wrecking havoc on your personal privacy and the sensitive data of your business. In Chameleon’s case, the malware ties itself to fake versions of the Google Chrome app. Of course, if you download Chrome from Google’s official site, or from Google’s official page on the Play Store, you have nothing to worry about.
However, the issue comes with malicious apps pretending to be Chrome. You might encounter these on the Play Store, with apps cleverly masquerading as Google’s official browser, but Google is likely more sensitive to fake versions of its apps on its own marketplace. More likely, these malicious versions of Chrome are coming from third-party sites: You might google “Google Chrome,” click a link that looks legitimate, then end up downloading an illegitimate version of the app with Chameleon attached.
How to protect your business data from malicious apps
The best way to avoid malware like Chameleon is to keep away from the app it’s attached to. While that’s easier said than done, there are some tips to keep your protected.
First, always make sure you’re downloading an app from its official source. When looking for Google Chrome, for example, ensure you go to Google’s site, not a third-party link. Instead of clicking the ads that appear in a Google search, which can lead to malicious sites, look for Google’s URL and choose that. If on a mobile platform like Android, opt for the Play Store for your apps, rather than a third-party site or marketplace.
When on the Play Store, however, vet each app you download before you install it. Make sure the description matches the purpose of the app, and that all spelling and grammar seems right. If the app isn’t what it says it is, there should be some signs upon deeper investigation.
Share This