3 min read

Malware and PUA Campaigns Abuse Existing Apps, Here’s a Top 10 to Watch Out For

Silviu STAHIE

May 19, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Malware and PUA Campaigns Abuse Existing Apps, Here’s a Top 10 to Watch Out For

Many threats on Android spread around the ecosystem through existing apps, such as SMS applications and email clients. Bitdefender took a closer look at just one week of activity and identified the most popular apps used to spread malware and potentially unwanted applications.

Bitdefender launched a new feature named Scam Alert through its Bitdefender Mobile Security product for Android that lets the security solution investigate incoming SMSs and notifications. It’s an opt-in feature, so only users who grant the necessary permissions can use it.

It might be weird to see a security solution emphasize SMS apps, especially since it might seem like no one really uses them anymore. The truth is that many current malware campaigns, such as Flubot, are still waged mainly over SMS. SMS apps are still widely used, especially by companies that want to send information to users without depending on an Internet connection.

Shipping companies regularly use SMS messages to keep customers apprised of the status of packages, but Flubot operators use the same types of messages in many campaigns. And that’s just one example of a type of company that could send an SMS message.

Flubot is not the only game in town

Flubot is spreading banker trojans through the entire Android ecosystem, but there are plenty of other threats, like phishing, frauds, or just potentially unwanted applications (PUA). This latter category is vast and includes apps that collect data they shouldn’t, abuse permissions to generate ad revenue, or trick users into making large payments, just to name a few.

And, of course, there is the never-ending wave of spam that hits people every day. With Scam Alert, it’s possible to intercept many of these threats before they become a problem. For example, when the user receives a notification from their email client containing a malicious URL, Scam Alert immediately issues a warning.

The problem is that many apps use the notification system, and some downright abuse it. Google Chrome is a good example, although it’s nothing Google can correct. We’ve all seen websites that request access to the notification system only to send countless annoying notifications.

PUA and malware are different beasts

Most PUA threats and spam spread over emails, but that’s not surprising. Interestingly enough, SMS apps are going strong as an infection vector, even though it’s not the first kind of app we think of when it comes to PUA or spam.

Malware, on the side, benefits fully from SMS as an infection vector, especially because Flubot campaigns are proliferating swiftly right now in many parts of the world. SMS apps dominate when it comes to spreading malware, with the rest trailing behind. It will be interesting to check this telemetry when Flubot is not so active, but it’s been going for a few months, jumping from one country to another.

Scam Alert is the perfect tool for these types of threats, and it’s integrated into Bitdefender Mobile Security by default. It offers the right kind of protection at a time when people are inundated by malicious SMS messages carrying malware and waves of frauds, spam and PUA apps that hound users every single day. The telemetry in these charts was gathered in just one week, from May 10 to May 17, 2022.

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down
Silviu STAHIE

August 05, 2022

1 min read
Slope Wallets Blamed for $6 Million Solana Hack Slope Wallets Blamed for $6 Million Solana Hack
Silviu STAHIE

August 04, 2022

1 min read
Wiseasy Employee Credentials Found Online, More than 140,000 POS Terminals Affected Wiseasy Employee Credentials Found Online, More than 140,000 POS Terminals Affected
Silviu STAHIE

August 03, 2022

1 min read