While the latest Android malware you should look out for hasn’t been as popular as the scammy apps that recently drove 382+ million downloads, it’s plenty serious.
Security researchers from Trend Micro recently called out a number of Android apps—with more than 470,000 total downloads combined—for being bogus system-cleaning utilities that actually had the potential to install more than 3,000 other malware apps on a user’s device. Worse, these shitty apps could also log into these other shitty apps using your Facebook or Google credentials to help perpetuate advertising fraud (and likely get the malware’s creators a decent payout, until caught).
As Trend Micro describes:
Based on our analysis, the 3,000 malware variants or malicious payloads (detected by Trend Micro as AndroidOS_BoostClicker.HRX) that can be possibly downloaded to an affected device with this campaign pretend to be system applications that do not show app icons on the device launcher or application list. The cybercriminals behind this campaign can use the affected device to post fake positive reviews in favour of the malicious apps, as well as perform multiple ad fraud techniques by clicking on the ads that pop up.
Though odds are good that you haven’t been infected by the original apps or the malware they dump on your device, here’s a quick list of the apps you’d want to look out for (just in case):
Shoot Clean-Junk Cleaner,Phone Booster,CPU Cooler
Super Clean Lite- Booster, Clean&CPU Cooler
Super Clean-Phone Booster,Junk Cleaner&CPU Cooler
Quick Games-H5 Game Centre
Rocket Cleaner Lite
Speed Clean-Phone Booster,Junk Cleaner&App Manager
What’s more important in this case is Trend Micro’s takeaways for avoiding shitty apps like these on the Google Play Store. But first, I’m going to give you my advice: You don’t need cleaner apps for your Android. Sample size of one here, but I’ve never used (or needed) a cleaner app in all the countless years I’ve used Android, and my devices have never suffered. Besides, you’re only asking for trouble if you actually think that an app with a scammy-sounding title like “Super Clean-Phone Booster,Junk Cleaner&CPU Cooler” is going to do anything helpful for your phone.
If you really, really feel like your device’s performance is terrible, consider backing up your photos and videos to the cloud, factory reset your device, and set it up from scratch again. Odds are good your device will still feel slow, since newer apps and operating system updates might have more demanding requirements than when you first purchased your smartphone, but you might at least be able to clear up some system resources by mass-clearing out any background apps you forgot about. And if your phone was nearly maxed out with data, clearing up some space might make Android feel a little faster.
As for Trend Micro, they have a great observation about how it’s difficult to verify an app’s legitimacy by only looking at its reviews and ratings—if you’re just focusing on numbers and stars, that is.
Verifying an app’s legitimacy is typically done by checking user-created reviews on the Play Store. However, in this particular case, the malicious app is capable of downloading payloads that can post fake reviews unbeknownst to the user. Despite the slew of positive reviews, it does leave some red flags — even though different users left positive reviews, the comments they leave contain the same, exact text: ‘Great, works fast and good.’ They also gave the app the same four-star rating.
As always, stick to downloading apps from Google Play and turn off your device’s ability to install apps from unknown sources, if you’ve ever used that to sideload an app and forgot to reset it. When you’re considering installing a new app on your device, even from Google Play, ask yourself whether it’s truly necessary. Do a web search to see if more trustworthy alternatives exist from well-known app developers and brands. Read the reviews to see if they sound off. Has the app been around for years and received regular updates, or is this an app’s very first version—and, somehow, it’s racked up a ton of reviews despite only being a few days old?
Unfortunately, the onus is on you to keep your device free of crappy apps. Google can help, but it can’t catch everything in advance—as we’ve seen. And make sure you’re giving your friends this advice, too; you might be smart, but your loved ones who are a bit less tech-savvy are probably going crazy with cleaner and other crapware downloads. Help them!