As we well know, one in ten Android apps is infected with malware. Sadly, many of those apps can be downloaded from the Google Play Store, even though Google goes to great lengths to protect users and prevent malicious apps from bypassing its security. The biggest source of infected programs is third-party websites and file-sharing sites, and now a new piece of malware has arrived. The threat was made known by the Italian CERT, which warned about a new Android malware family called Oscorp that uses the device's accessibility permissions to steal credentials and record audio and video.

Luis Corrons, Security Evangelist at Avast, indicates that if your smartphone is infected with this malware, the first thing you should do is uninstall the malicious application and change your online banking credentials. Likewise, it is important to check your bank account for suspicious activity and, if you find any, notify your branch. The expert also highlights that this malware “does not install itself”; it is the user who has to allow it. Therefore, if you have installed a mobile application after clicking on a link received via SMS or email, and Android’s default protection that prevents the installation of apps from outside the Google Play Store has been disabled, your device is most likely infected.

If you are tricked into granting permissions to the malware, it begins to record keystrokes, uninstall applications on the device, make calls, send SMS messages, steal cryptocurrencies by redirecting payments made through the Blockchain.com application, and access authentication codes in order to bypass Google 2-Step Verification. The malware then exfiltrates the data to the C2 server, including everything mentioned above and the audio and video recordings of the screen made through WebRTC.

It is very important to understand that Android's security systems prevent applications from causing any kind of damage until the accessibility service is enabled. For this reason, you should distrust any application that requests this type of permission. Android leaves the user free to trust or not trust the applications installed on their device, and that is why cybercriminals target Android so often: the user is the greatest weakness.
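One way to check a device for the condition described above, an accessibility service enabled by an app that did not come from the Google Play Store. This is an added example, not code from the original article; the sample package names and outputs are constructed, and treating `com.android.vending` as the only trusted installer is an assumption.

```python
import re

# Assumption: only Google Play's installer package is trusted; adjust as needed.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_enabled_services(value):
    """Parse `adb shell settings get secure enabled_accessibility_services`:
    a colon-separated list of package/ServiceClass component names."""
    value = value.strip()
    if not value or value == "null":
        return []
    return [tuple(c.split("/", 1)) for c in value.split(":") if "/" in c]

def parse_installers(pm_output):
    """Parse `adb shell pm list packages -i` lines of the form
    package:<name>  installer=<installer or null>."""
    pattern = re.compile(r"^package:(\S+)\s+installer=(\S+)$")
    installers = {}
    for line in pm_output.splitlines():
        m = pattern.match(line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def parse_system_packages(pm_output):
    """Parse `adb shell pm list packages -s` (preinstalled packages)."""
    lines = (l.strip() for l in pm_output.splitlines())
    return {l[len("package:"):] for l in lines if l.startswith("package:")}

def audit(services_value, installers_output, system_output):
    """Return (package, service, installer) for each enabled accessibility
    service whose app is neither preinstalled nor from a trusted installer."""
    installers = parse_installers(installers_output)
    system = parse_system_packages(system_output)
    findings = []
    for package, service in parse_enabled_services(services_value):
        if package in system:
            continue  # preinstalled, e.g. the vendor's screen reader
        installer = installers.get(package)
        if installer not in TRUSTED_INSTALLERS:
            findings.append((package, service, installer or "sideloaded/unknown"))
    return findings

# Constructed sample outputs (not taken from a real device or from Oscorp).
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/.TalkBackService:"
                   "com.example.constructed.helper/com.example.constructed.helper.AssistService:"
                   "com.example.passwordmgr/.AutofillService")
SAMPLE_INSTALLERS = ("package:com.google.android.marvin.talkback  installer=null\n"
                     "package:com.example.constructed.helper  installer=null\n"
                     "package:com.example.passwordmgr  installer=com.android.vending\n")
SAMPLE_SYSTEM = "package:com.google.android.marvin.talkback\n"
```

Any package this reports should be reviewed and, if it is not recognised, have its accessibility access revoked and be uninstalled.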
