Android users in UK are some of the 'most targeted by hackers' on the planet

Android users in the UK are being warned that they’re among the top targets for cyber criminals. A new study that looks at the dangers of banking malware has revealed the UK is the seventh most targeted country when it comes to these type of hacker attacks. Not only that, but the research from ThreatFabric revealed that bad actors are increasingly turning to a type of Android malware that is much harder to detect.

This new wave of malware is capable of On-Device Fraud (ODF) attacks.

This is a sneaky method of initiating fake transactions on a victim’s device, and it includes modifying crucial user interface fields like username and password boxes, logging into banking apps which previously stolen login, and the ability to transfer funds automatically.

Researchers at ThreatFabric have seen a 40 percent increase in malware that includes these type of capabilities in the first quarter of this year.

Speaking about this rising threat, the Dutch cybersecurity firm said: “The most worrying leitmotif is the increasing attention to On-Device Fraud (ODF).

“Just in the first five months of 2022 there has been an increase of more than 40 percent in malware families that abuse Android OS to perform fraud using the device itself, making it almost impossible to detect them using traditional fraud scoring engines.”

The most widely used types of ODF malware are the Hydra, FluBot, Cerberus, Octo and ERMAC trojans.

And the study discovered droppers on the Google Play Store – disguised as apps that help with productivity – which spread the nasty bugs.

The Play Store apps that recently were discovered spreading malware include NanoCleaner, QuickScan, Pocket Screencaster and Fast Cleaner.

Suffice to say, if you have these apps on your phone delete them now.

To help you to avoid this rising wave on banking malware, it’s good to follow typical best practice.

Download apps from the official Google Play Store, instead of third-party marketplaces, and make sure you double check key details about these apps.

For instance, see the amount of installs of the app, read through the reviews and look into details about the developer.

Also, alarm bells should be ringing if an app you download starts asking for permissions that seem totally uncessary – such as asking to see contact information when there’s no reason for the app in question to need to see this.

Having an anti-virus app installed on your device from a trusted name will also help add an extra, crucial layer of protection.

You should also use two factor authentiation (2FA) where it is offered.

Speaking about its findings, ThreatFabric went on to add: “The On-Device Fraud (ODF) trend we predicted in 2021 continues and we expect more and more malware families to implement ODF capabilities. The openness of Android OS serves both good and bad as malware continues to abuse the legitimate features, whilst upcoming restrictions seem to hardly interfere with the malicious intentions of such apps.”

For anyone that unfortunately ends up downloading such malware as FluBot or ERMAC, ThreatFabric added: “Different malware operates differently, and for the average user, uninstalling the malware can be very hard if not impossible. In this cases, the only process that we can recommend is a full factory reset of the device together with a change of all credentials, both for banking applications as well as social media apps and cryptowallets.”

Here is a full list of the apps found on the Play Store that were spreading such malware and its package name…

Nano Cleaner com.casualplay.leadbro

QuickScan com.zynksoftware.docuscanapp

Chrome com.talkleadihr

Play Store com.girltold85

Pocket Screencaster com.cutthousandjs

Chrome com.biyitunixiko.populolo

Chrome Mobile com.xifoforezuma.kebo

BAWAG PSK Security com.qjlpfydjb.bpycogkzm

source: express.co.uk