With Christmas just a few days away, users of both new and old phones might need to be more careful about what they download. A cybersecurity team has found a form of malicious software that can steal passwords from the internet giant and use a keylogger to steal passwords from mobile devices.
Criminals have found a way to attach this malicious software to legitimate applications in order to trick users into installing it on their phones. ThreatFabric found the platform on the darknet while investigating a campaign that targeted both Windows and Android users.
ThreatFabric discovered the use of Zombinder while investigating a type of software that downloads onto a computer and masquerades as a program. The researchers discovered the third-party service that provided the “glue” to bind the dropper capabilities to the legitimate app. Once downloaded, the app operated as usual until an update message appeared.
“If accepted by the victim, the seemingly legitimate application will install the update, which is nothing else than Ermac,” researchers at ThreatFabric wrote. “This process is achieved by glueing malicious payload to a legitimate app with minor updates made to original source code to include installation and loading of the malicious payload.”
This means that a seemingly innocuous, legitimate piece of third-party software downloaded from outside the Google Play Store can give criminals access to Gmail messages, two-factor authentication codes, and other sensitive information.
The ease with which Zombinder can be attached to legitimate applications could lead to other applications being targeted, according to researchers. There are streaming service apps that have the malware in them.
The best way to avoid infecting a phone is to always install applications through legitimate digital stores such as the Play Store. Apps there go through a quality control process to make sure they don’t have any viruses or malicious software in the installation packages.
If an app doesn’t look legitimate or seems too good to be true, it usually isn’t legitimate. Most apps that include malicious software are found on sites other than official distribution platforms, and some may ask you to install unsigned packages. Stop if you are in doubt.