New Delhi: With the lethal second Covid wave causing a surge in demand for oximeters in India, security researchers have discovered fake oximeter apps on the Play Store.
Quick Heal Security Labs discovered that malware authors were using official apps infected with trojan to steal users’ banking credentials. “Threat actors use trusted tools to deploy payload and third-party app stores to distribute these bogus apps,” the researchers said in a statement.
Attackers primarily target app stores, which offer both free and paid apps. They deploy these fake apps using various tools such as firebase or GitHub, as well as various app markets such as QooApp, Huawei, and others for effective publishing and distribution to a large user base.
“While threat actors are constantly looking for ways to compromise users, it is critical to stay alert at all times,” the team said. They advised against opening links shared in messages or on social media platforms.
“Check for grammar errors in app descriptions, as attackers frequently use incorrect English,” they advised. Because reviews and ratings can also be faked, pay special attention to reviews with low ratings.
“Avoid downloading apps from third-party app stores or from links shared via SMS, emails, and WhatsApp. These routes do not invest in security and thus allow for any type of app, including infected ones “According to the researchers.