3 min read

Malware and PUA Campaigns Abuse Existing Apps, Here’s a Top 10 to Watch Out For

Silviu STAHIE

May 19, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Malware and PUA Campaigns Abuse Existing Apps, Here’s a Top 10 to Watch Out For

Many threats on Android spread around the ecosystem through existing apps, such as SMS applications and email clients. Bitdefender took a closer look at just one week of activity and identified the most popular apps used to spread malware and potentially unwanted applications.

Bitdefender launched a new feature named Scam Alert through its Bitdefender Mobile Security product for Android that lets the security solution investigate incoming SMSs and notifications. It’s an opt-in feature, so only users who grant the necessary permissions can use it.

It might be weird to see a security solution emphasize SMS apps, especially since it might seem like no one really uses them anymore. The truth is that many current malware campaigns, such as Flubot, are still waged mainly over SMS. SMS apps are still widely used, especially by companies that want to send information to users without depending on an Internet connection.

Shipping companies regularly use SMS messages to keep customers apprised of the status of packages, but Flubot operators use the same types of messages in many campaigns. And that’s just one example of a type of company that could send an SMS message.

Flubot is not the only game in town

Flubot is spreading banker trojans through the entire Android ecosystem, but there are plenty of other threats, like phishing, frauds, or just potentially unwanted applications (PUA). This latter category is vast and includes apps that collect data they shouldn’t, abuse permissions to generate ad revenue, or trick users into making large payments, just to name a few.

And, of course, there is the never-ending wave of spam that hits people every day. With Scam Alert, it’s possible to intercept many of these threats before they become a problem. For example, when the user receives a notification from their email client containing a malicious URL, Scam Alert immediately issues a warning.

The problem is that many apps use the notification system, and some downright abuse it. Google Chrome is a good example, although it’s nothing Google can correct. We’ve all seen websites that request access to the notification system only to send countless annoying notifications.

PUA and malware are different beasts

Most PUA threats and spam spread over emails, but that’s not surprising. Interestingly enough, SMS apps are going strong as an infection vector, even though it’s not the first kind of app we think of when it comes to PUA or spam.

Malware, on the side, benefits fully from SMS as an infection vector, especially because Flubot campaigns are proliferating swiftly right now in many parts of the world. SMS apps dominate when it comes to spreading malware, with the rest trailing behind. It will be interesting to check this telemetry when Flubot is not so active, but it’s been going for a few months, jumping from one country to another.

Scam Alert is the perfect tool for these types of threats, and it’s integrated into Bitdefender Mobile Security by default. It offers the right kind of protection at a time when people are inundated by malicious SMS messages carrying malware and waves of frauds, spam and PUA apps that hound users every single day. The telemetry in these charts was gathered in just one week, from May 10 to May 17, 2022.

tags


Author



Right now

Top posts

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read
Why and how to hide your IP address while traveling

Why and how to hide your IP address while traveling

April 13, 2022

2 min read
How Bitdefender Can Help Restore Your Privacy in the Digital Age

How Bitdefender Can Help Restore Your Privacy in the Digital Age

April 04, 2022

3 min read
How Strong is VPN Encryption?

How Strong is VPN Encryption?

February 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Capital One Hacker Found Guilty of Wire Fraud, Faces More than 20 Years in Prison Capital One Hacker Found Guilty of Wire Fraud, Faces More than 20 Years in Prison
Silviu STAHIE

June 22, 2022

1 min read
DDoS-for-hire service which bombarded websites with attacks earns man two years in prison DDoS-for-hire service which bombarded websites with attacks earns man two years in prison
Graham CLULEY

June 15, 2022

2 min read
DogWalk zero-day Windows bug receives patch - but not from Microsoft DogWalk zero-day Windows bug receives patch - but not from Microsoft
Graham CLULEY

June 10, 2022

2 min read