Beware of Apps that Can Steal your Cash
Earlier this week, powerful malware known as “MobOk” was found hiding in seemingly legitimate photo editing apps available on the Google Play store. Once installed, the photo editing apps “Pink Camera” and “Pink Camera 2” can take complete control over your mobile device, steal personal data from victims, and use that data to sign them up for paid subscription services, essentially stealing the victims' money.
Both apps look very ordinary, but the malicious activity starts when the user gives the app permission to “access Wi-Fi controls”, which is entirely unnecessary for a photo editor.
Similarly, the U.S. Department of Homeland Security (DHS) just issued an alert about a number of mobile applications containing a technology called Ultrasound Cross Device Tracking (uXDT), which uses the microphone of one mobile device to pick up human-inaudible sounds emitted by another. Sometimes the purpose is simply user profiling for marketing, as in the case of Google Cast. Sometimes it is used by malicious actors for nefarious purposes.
What can you do?
Since researchers discovered the hidden malware, “Pink Camera” and “Pink Camera 2” have been removed from the Google Play store, so the immediate threat is over. If you did install one of these apps, delete it. Similarly, researchers are doing more to identify malicious use of uXDT. However, the key takeaway is that when you download any app onto your mobile device, always proceed with caution when the app asks for permission to access your data or a feature on your mobile phone (your microphone, for instance). Any legitimate app should explain why it is asking for the permissions it requests, but these pop-ups can be short or vague. Use common sense: for example, ask yourself whether the level of permission makes sense for the functionality of the app. Remember, you can always deny a permission when you install the app and reinstate it later if the loss of functionality becomes a problem.
Learn more about third-party apps and permissions on our Cybersafe website.
Stay aware and stay cybersafe!
About Cybersafe
The Division of Information Technology is dedicated to informing the community of the latest cybersecurity threats. Visit fitnyc.edu/cybersafe and stay tuned for emails from [email protected] for the latest from the Cybersafe campaign at FIT.
Patricia Krakow and Walter Kerner
Division of Information Technology