{"id":40252,"date":"2021-06-11T12:37:33","date_gmt":"2021-06-11T16:37:33","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=40252"},"modified":"2021-10-04T11:48:38","modified_gmt":"2021-10-04T15:48:38","slug":"malware-disguised-as-antivirus","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/malware-disguised-as-antivirus\/40252\/","title":{"rendered":"Malware disguised as antivirus protection"},"content":{"rendered":"<p>In almost every post about Android, we recommend installing apps from official sources only, and that won\u2019t change anytime soon. A recent example illustrates why: Scammers were spreading a banking Trojan disguised as popular media players, a fitness app, a book reader, and one that hit close to home, Kaspersky Internet Security for Android.<\/p>\n<h2>Why it is dangerous to install applications from alternative sources<\/h2>\n<p>Nothing is wrong with third-party app marketplaces per se, but no one can know for sure whether any given store is trustworthy. In an official Android app store, be it Google Play or Huawei AppGallery, employees of the respective owner companies screen every application submitted by developers, weeding out any that are clearly malicious. These are large companies that protect their reputations and customers\u2019 security, and they have both the resources and the motivation to help keep users malware-free.<\/p>\n<p>Sometimes, however, malware <a href=\"https:\/\/www.kaspersky.com\/blog\/dresscode-android-trojan\/13219\/\" target=\"_blank\" rel=\"noopener nofollow\">does get through<\/a>, and even into Google Play, although the chances of encountering it there are much lower than on message boards, torrent trackers, or some other sites. 
Proudly small, independent marketplaces tend not to run many checks, typically because they lack the resources, and as a result, the apps they host could be anything in disguise, even a Trojan.<\/p>\n<p>We should mention here that downloading malware to an Android device is not usually enough to infect it. Unless the malware relies on some kind of <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/zero-day-exploit\/\" target=\"_blank\" rel=\"noopener\">zero-day uber-exploit<\/a> to get <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/root-access\/\" target=\"_blank\" rel=\"noopener\">superuser permissions<\/a>, installing a dangerous app in Android requires some effort. The operating system queries the user about every step: whether they really want to install the app, whether they agree to grant it the permissions it requests, and so on. Cybercriminals employ social engineering to persuade people to say yes, often with great success.<\/p>\n<h2>Malicious security from an alternative marketplace<\/h2>\n<p>Here is an example. Not so long ago, a group of researchers <a href=\"https:\/\/labs.bitdefender.com\/2021\/06\/threat-actors-use-mockups-of-popular-apps-to-spread-teabot-and-flubot-malware-on-android\/\" target=\"_blank\" rel=\"nofollow noopener\">reported<\/a> on Android applications spreading through various fake sites. The apps included a fake version of Kaspersky Internet Security for Android.<\/p>\n<p>The scammers were spreading their fake app with the name \u201cKaspersky Free Antivirus\u201d (we used to offer a product with that name, but it was for Windows). 
On Google Play, our mobile antivirus app is currently called <a href=\"https:\/\/www.kaspersky.com\/mobile-security?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2c_kdaily_wpplaceholder_sm-team___kisa____da04049114cf37d2\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Mobile Antivirus: Applock &amp; Web Security<\/a>.<\/p>\n<p>Ironically, users who downloaded the fake antivirus app received a banking Trojan known as TeaBot, which our security products detect as HEUR:Trojan-Banker.AndroidOS.Teaban or HEUR:Trojan-Banker.AndroidOS.Regon.<\/p>\n<p>Why is this especially problematic in the case of antivirus apps? It\u2019s because the user not only downloads and installs a banking Trojan disguised like this, but also grants it all of the permissions it requests. After all, an authentic antivirus app needs a lot of permissions, including very powerful access such as <a href=\"https:\/\/www.kaspersky.com\/blog\/android-8-permissions-guide\/23981\/\" target=\"_blank\" rel=\"noopener nofollow\">Accessibility services<\/a>.<\/p>\n<p>Worse, in the absence of actual antivirus protection, the device cannot detect the malware.<\/p>\n<p>Completing installation and granting all requested permissions gives the TeaBot Trojan the ability to do almost anything on the Android device. Its capabilities are many: from <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/keylogger\/\" target=\"_blank\" rel=\"noopener\">keylogging<\/a>, stealing Google Authenticator codes, and exploiting Accessibility in other ways all the way to gaining full remote control of the Android device.<\/p>\n<h2>How to make sure an app is legit<\/h2>\n<p>Antivirus isn\u2019t TeaBot\u2019s only disguise. The malware is also available as fake versions of some well-known government, financial, fitness, and reading apps, among others. 
To stay safe, turn off your smartphone\u2019s ability to install applications from unknown sources altogether \u2014 <a href=\"https:\/\/www.kaspersky.com\/blog\/unknown-apps-android\/41656\/\" target=\"_blank\" rel=\"noopener nofollow\">Android allows that<\/a>. And if you need an app of any kind, find it on an official marketplace.<\/p>\n<p>Be very careful as well about the <a href=\"https:\/\/www.kaspersky.com\/blog\/android-8-permissions-guide\/23981\/\" target=\"_blank\" rel=\"noopener nofollow\">permissions you grant to applications<\/a>. If a fitness app unexpectedly requests permission to use Accessibility, for example, think twice (or more) before answering.<\/p>\n<p>Finally, be sure to use <em>authentic<\/em> antivirus protection. With a completely free edition of Kaspersky Internet Security for Android available, there\u2019s no reason to download it from unofficial sources. You can find our antivirus app in both <a href=\"https:\/\/www.kaspersky.com\/mobile-security?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2c_kdaily_wpplaceholder_sm-team___kisa____da04049114cf37d2\" target=\"_blank\" rel=\"noopener nofollow\">Google Play<\/a> and the Huawei AppGallery.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A fake Kaspersky Internet Security for Android app highlights the danger of installing apps from outside of official app 
stores.<\/p>\n","protected":false},"author":675,"featured_media":40254,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2683],"tags":[105,734,4627],"class_list":{"0":"post-40252","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-android","9":"tag-banking-trojans","10":"tag-kaspersky-for-android"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/malware-disguised-as-antivirus\/40252\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/malware-disguised-as-antivirus\/22979\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/malware-disguised-as-antivirus\/18461\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/malware-disguised-as-antivirus\/9176\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/malware-disguised-as-antivirus\/24911\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/malware-disguised-as-antivirus\/22933\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/malware-disguised-as-antivirus\/22116\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/malware-disguised-as-antivirus\/25471\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/malware-disguised-as-antivirus\/24941\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/malware-disguised-as-antivirus\/30906\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/malware-disguised-as-antivirus\/9740\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/malware-disguised-as-antivirus\/17120\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/malware-disguised-as-antivirus\/17621\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/malware-disguised-as-antivirus\/14928\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/malw
are-disguised-as-antivirus\/26927\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/malware-disguised-as-antivirus\/31062\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/malware-disguised-as-antivirus\/27185\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/malware-disguised-as-antivirus\/24012\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/malware-disguised-as-antivirus\/29356\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/malware-disguised-as-antivirus\/29149\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/android\/","name":"Android"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/40252","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/675"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=40252"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/40252\/revisions"}],"predecessor-version":[{"id":42298,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/40252\/revisions\/42298"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/40254"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=40252"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=40252"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=40252"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}