Once again, hackers are showing why you should never, ever download apps outside official app stores.
Hackers have gained access to more than 1.3 million Google accounts – emails, photos, documents and more – by infecting Android phones through illegitimate apps.
Apparently the hackers have managed to steal digital “tokens” that give them access to Google services, like a person’s email and photo collection. But according to Google, hackers have not yet tapped that information and stolen it.
The massive hack appears to be a criminal enrichment scheme. The malware also installs malicious advertising software that tracks users, a potential boon for data-hungry marketers.
Infected Android smartphones begin to install other, legitimate Android apps — then rate them highly. This fraudulently inflates their reputation.
Google has already removed the legitimate apps from its official store that have benefited from this ratings conspiracy, according to a blog post by Adrian Ludwig, the company’s director of Android security.
Google says it has blocked 150,000 versions of this kind of nasty cyber attack. But the problem persists. Another 13,000 devices are getting infected and breached daily, according to researchers who have been tracking this type of cyber attack since last year.
Check Point has set up a website — Gooligan.CheckPoint.com — for people to check if their devices have been hacked. (It requires you to enter your Google email address, gives you a response, and offers the company’s “ZoneAlarm” product.)
Alternatively, Android users could check to see if they have downloaded illegitimate versions of any of the apps listed below.
Smartphone owners are advised to only download certified computer programs from official repositories. Google has its Google Play store. Apple has its App Store.
But some people insist on visiting unofficial app stores – typically on shady websites – because they offer free, counterfeit versions of popular apps.
Not surprisingly, a malware, spread in unofficial markets, can create real damage.
Google stressed numerous times that users should avoid downloading outside of Google Play.
Here’s the list of potentially infected apps:
- Perfect Cleaner
- Demo
- WiFi Enhancer
- Snake
- gla.pev.zvh
- Html5 Games
- Demm
- memory booster
- แข่งรถสุดโหด
- StopWatch
- Clear
- ballSmove_004
- Flashlight Free
- memory booste
- Touch Beauty
- Demoad
- Small Blue Point
- Battery Monitor
- 清理大师
- UC Mini
- Shadow Crush
- Sex Photo
- 小白点
- tub.ajy.ics
- Hip Good
- Memory Booster
- phone booster
- SettingService
- Wifi Master
- Fruit Slots
- System Booster
- Dircet Browser
- FUNNY DROPS
- Puzzle Bubble-Pet Paradise
- GPS
- Light Browser
- Clean Master
- YouTube Downloader
- KXService
- Best Wallpapers
- Smart Touch
- Light Advanced
- SmartFolder
- youtubeplayer
- Beautiful Alarm
- PronClub
- Detecting instrument
- Calculator
- GPS Speed
- Fast Cleaner
- Blue Point
- CakeSweety
- Pedometer
- Compass Lite
- Fingerprint unlock
- PornClub
- com.browser.provider
- Assistive Touch
- Sex Cademy
- OneKeyLock
- Wifi Speed Pro
- Minibooster
- com.so.itouch
- com.fabullacop.loudcallernameringtone
- Kiss Browser
- Weather
- Chrono Marker
- Slots Mania
- Multifunction Flashlight
- So Hot
- HotH5Games
- Swamm Browser
- Billiards
- TcashDemo
- Sexy hot wallpaper
- Wifi Accelerate
- Simple Calculator
- Daily Racing
- Talking Tom 3
- com.example.ddeo
- Test
- Hot Photo
- QPlay
- Virtual
- Music Cloud
If you find yourself with a compromised device, the best solution usually is to do a complete factory reset. Yes, it will erase all of your personal data, but there are better chances of also removing all compromised programs.