CNA Explains: Are Android devices more prone to malware and how do you protect yourself from scams?
Why are scammers more likely to target Android users? How do you spot a fake app and what should you do if your device is infected by malware?
A stock photo of an Android phone. (Photo: iStock/NguyenDucQuang)
SINGAPORE: There has been a spate of malware scams targeting users of Android devices, prompting the Singapore Police Force to issue public advisories in recent months.
The modus operandi in some cases - tricking victims into clicking on social media posts on the sale of food items, before getting them to download a malicious application to make payment.
Advertisement
In another scam variant, some people received an unsolicited SMS directing Android users to download a fake “anti-scam” app.
"Once victims download and install the app containing malware, the malware will allow scammers to access the victims’ devices remotely and steal passwords stored in the devices,” the police said in an advisory.
Is the Android system more susceptible to malware, what’s being done to address such risks and what can you do to protect your devices? CNA gets the answers from cyber and mobile security experts.
Why are scammers more likely to target Android users?
The Android operating system is more likely to be used by scammers for a few reasons, said Mr Steven Scheurmann, regional vice president for ASEAN of cybersecurity company Palo Alto Networks.
“Firstly, the open nature of the Android platform allows for greater flexibility and customisation, making it easier for malicious actors to create and distribute fake app stores or unauthorised apps,” he explained.
Advertisement
Mr Scheurmann noted that Android users can download apps from sources other than the official Google Play Store, which increases the likelihood of fraudulent or malicious apps.
“This openness also makes it challenging for Google to regulate and monitor all app distribution channels effectively,” he added.
In addition, each type of Android device might have a different set of governance, adding to the complexity of securing the device.
Threat actors are constantly trying to exploit vulnerabilities in systems.
For instance, there has been a surge of malware for the Android platform attempting to impersonate the ChatGPT app, according to a report by Palo Alto Networks’ Unit 42, which brings together a team of cybersecurity consultants, researchers and incident responders.
Advertisement
“These malware variants emerged along with the release by OpenAI of GPT-3.5, followed by GPT-4, infecting victims interested in using the ChatGPT tool,” the report stated.
Does this mean Apple’s operating system is safer?
For iOS, users are only allowed to install approved apps from Apple’s official App Store.
“This approach provides Apple with greater control over the apps available to users, reducing the chances of malware being distributed through alternative sources,” said Mr Ryan Lo, senior manager in solutions engineering at tech company F5.
"Bad actors are therefore less likely to devise fake iOS App Stores as they have a lower likelihood of success."
However, Mr Paul Wilcox, vice president for Asia Pacific and Japan of IT security company Infoblox, cautioned that although iOS does have some security advantages over Android, it does not make the Apple system “bulletproof”.
Advertisement
"I think it is important to understand that all devices are prone to attack," he said. "It does sometimes seem that Android devices are targeted more, and that is because generally, over 70 per cent of the world's phones are in fact Android-based."
Agreeing that no system is entirely foolproof, Mr Scheurmann noted that Palo Alto Networks' Unit 42 has identified various malware in recent years that were able to bypass the iOS code review process.
User behaviour is also important in guarding against a potential security breach.
“In fact, from what I have seen, iPhone owners seem to be much more lax in their approach to securing their devices as they believe that iPhones are ‘safe’, and the likelihood of them installing security software is extremely low,” Mr Wilcox said.
“User behaviour makes iOS users increasingly attractive targets for hackers, so all mobile phone users should be equally vigilant.”
He added: “The days of any mobile device user feeling impenetrable are over, and all users should embrace the same diligent attitude, not just to online malware, but scammers and fake websites.”
What has Google done to combat malicious apps?
Google said it does not permit any apps on its Play Store that are deceptive, malicious or intended to misuse any network, device or personal data.
“We also have built-in malware protection, Google Play Protect that uses machine learning models to automatically scan over 100 billion apps on Android devices every day for fraud and malware,” a spokesperson said in response to CNA’s queries.
Google Play Protect is turned on by default.
Google added that in 2022, it prevented 1.43 million policy-violating apps from being published on Google Play. This was done through a combination of security features, continued investment in machine learning systems and its app review process, said the spokesperson.
“When we find that an app has violated our policies, we take appropriate action,” Google said.
In response to questions about what is being done about links to malicious Android apps that may appear on Google’s search engine, the tech company said it uses automated systems that seek to identify pages with scammy or fraudulent content and prevent them from showing up in Google Search results.
“We are also constantly working to ensure that users’ ad experiences are safe on our platforms. If we find advertisers who violate our policies or misrepresent themselves, we take quick action,” the spokesperson said, adding that users can also report bad ads that they think are harmful.
What else can be done?
Google, as well as the experts, highlighted that user education is key when it comes to combating malware.
"Users need to understand the risks associated with apps from unknown sources, how to differentiate untrusted apps from legitimate ones, and the importance of only downloading trusted apps from the official Google Play Store. This could help reduce the installation of potentially harmful third-party apps," said Mr Lo.
Developers also need to follow app security best practices to design robust data protection measures during development.
"This would make it harder for bad actors to exploit vulnerabilities in the app to inject malicious code (malware) which could cause app outages and data breaches," he added.
Mr Scheurmann suggested that there is a need to standardise the governance of all types of Android devices. "However, if this can't be achieved, having tools to automate and ensure governance is critical," he said.
How do I spot a fake or potentially malicious app?
Android users are advised to only download apps through the official Google Play Store.
Before downloading any app, whether on Android or Apple devices, users should also check its reviews and rating, as well as the number of downloads it has.
"This can often provide some markers on the app's trustworthiness and reputation," Mr Wilcox said.
"During installation, pay attention to the permissions the app requests. Be cautious if an app asks for unnecessary or excessive permissions that seem unrelated to its intended functionality."
Fake apps often ask for additional authorisations that are not strictly necessary, said Google’s spokesperson. For example, a navigation app should not ask for access to a user’s contact list or photos.
Similarly, there is no reason a calculator app needs to use your camera and location.
Another red flag for fake apps would be its icon. While fake apps commonly use the same icon as the real one, at times the icon might not be high quality or is “abnormally pixellated”, said Google.
Having a poorly written app description or none at all is also a red flag, said Mr Scheurmann.
What other safety tips should I take note of?
Whether you are an Android or Apple user, the experts advised people to ensure that their device's operating system, apps and security software are kept up to date, as updates often include security patches that protect against vulnerabilities.
Users should review hyperlinks from text messages or emails before clicking on them. Suspicious links could lead users to unofficial app stores where malicious apps can be downloaded, said Mr Lo.
He also advised people against writing down passwords on their phones’ note-taking apps as a security practice.
"This is a risky practice that could compromise their information," added Mr Scheurmann.
A man who recently lost more than S$40,000 (US$29,600) in CPF savings to a malware scam told CNA that he suspects the scammer had accessed his passwords and other login details in a note-taking app on his phone.
Users may consider using password managers which are secure and encrypted tools that will store all their passwords in one place, said Mr Lo. "It generates strong, unique passwords for each account and automatically fills in passwords when users need to log in," he added.
What should I do if my phone is affected by malware?
If your phone is affected by malware, experts recommend that you disconnect the device from the internet, either by turning off Wi-Fi and mobile data or by enabling airplane mode.
“This will prevent the malware from communicating with its command-and-control servers and further spreading or causing harm,” said Mr Wilcox.
Next, attempt to boot your device in safe mode to disable third-party apps temporarily. Go through your list of installed apps to identify if any of them could be suspicious or contain malware.
"Pay attention to apps with generic names, misspellings, or unauthorised app store icons," said Mr Wilcox.
After uninstalling the suspicious apps, install mobile security software from a trusted source to do a final scan of any remaining malware viruses.
"As a last resort, reset factory settings. This should only be done if the malware is quite resilient, as this will affect all the device’s previously-stored data," said Mr Scheurmann.
As your credentials could have been accessed by bad actors through malware, you should also reset your passwords.
Following a malware infection, you should take note of any warning signs of identity theft, such as any failed login attempt emails or missing mail, said Mr Scheurmann.
If there are any unknown activities or financial transactions, you should suspend your bank accounts as soon as possible.
Posts
