You may want to double-check the apps you’ve recently downloaded to your Android phone. That's because a dangerous new strain of malware, called Arsink, has been discovered hiding inside some of the most popular apps — and it has already infected more than 40,000 devices.
Cybercriminals are creating convincing fake versions of well-known platforms such as WhatsApp, Instagram, TikTok, Facebook, Telegram, YouTube, Spotify, and even Google-branded apps. Once downloaded, these malicious apps can install malware that reads your text messages, scans your call history, and steals your contacts.
Even more worrying, hackers can use the malware to listen in on your conversations by accessing your microphone. Security experts at Zimperium zLabs have flagged this as one of the most troubling Android surveillance threats seen in recent months.
The UK and many other parts of the globe have been affected by the malware installed on thousands of Android phones
|Zimperium zLabs said in a statement: "From a user’s perspective, these apps appear harmless, most offer no real functionality beyond intrusive permission prompts, yet behind the scenes, they perform continuous exfiltration of messages, contacts, call logs, location data, and media content, while allowing operators to issue remote commands and even wipe files."
These dodgy apps look almost identical to these popular apps, too, but often promise you special "pro" features or exclusive extras that sound tempting.
However, the catch is that they're not distributed via the official Google Play Store. Instead, criminals are pushing them through social media posts and other online platforms.
Around 50 well-known brands are being impersonated in this scam, so you'll need to be cautious about where you download apps. This method is also known as sideloading, which has been seen across a slew of devices in recent months.
It's pretty popular too, as you can often access apps that are unavailable in a specific geographic region or get copyrighted material at a fraction of the normal subscription costs. Amazon recently cracked down on sideloading apps on their Fire TVs in the UK.
The Google Play Store is the official destination to download apps for your Android device
|What makes this particular attack so sneaky is that these fake apps appear completely harmless when you download them. Most of them will ask you to grant permission to specific requests, which is one of the ways the malware is able to infiltrate your device.
To best protect yourself, it's best practice to not sideload any apps onto your Android device unless you're certain where they come from, such as the Google Play Store.
LATEST DEVELOPMENTS
If you spot a text message or social media post claiming there's a new version of your favourite app available with a link, it's important not to click on it, as it's likely a scam. After following the link, it may prompt you to input personal information, which could then be stolen by fraudsters.