ESET warns against alternative Android app stores
ESET warns against alternative Android app stores
Just like SMS Trojans, ransomware threats have evolved over the past few years with hackers adopting techniques that have proven effective in regular desktop malware to develop lock-screen types and file-encrypting ransomware.
This is according to Teddy Njoroge, Kenya Country Manager for ESET who says ransomware is a fast growing problem for users of mobile devices. "It has been causing major financial and data losses for years and it has now made its way to the Android platform."
The Internet security company, ESET East Africa, has issued an alert to mobile phone users running on the Android platform to be wary of alternative app stores' potential to spread malware such as screen locking malware.
ESET advised that users should always download apps from official app stores and also practice caution when downloading any content from the Internet, adding that anything suspicious in a file's name, size and extension should be watched.
As reported by tech trends KE, the alert comes after Cyber-crime researchers at ESET discovered that a Turkish alternative Android app store, CepKutusu, was spreading malware under the guise of all the offered Android apps on the site.
"When users browsed the Turkish alternative app store and proceeded to download an app, the 'Download now' button led to banking malware detected as Android/Spy.Banker.IE instead of the desired app," reports tech trends KE.
"After ESET researchers turned to the store's operator with the discovery of the attack, the store ceased the malicious activity, an entirely new tactic by cybercriminals," says Lukas Stefanko, ESET Android malware researcher.
"This is the first time I've seen an entire Android market infected like that. Within the Windows ecosystem and in browsers, this technique is known to have been used for some time but in the Android ecosystem, it's really a new attack vector," he adds.
Although the misdirection on CepKutusu was from a legitimate app to the banking malware, the crooks behind the campaign added an exception, a seven-day window of not serving malware after a malicious download, falsely serving the user with clean download links.