Android users take heed: there’s a new piece of malware cropping up on the Google Play Store, and it’s coming for your data.
Dubbed “Facestealer,” this new malware can steal personal information on your phone, hijack your social media passwords by forcing fake logins, and blast your device with invasive ads.
Security researchers at Doctor Web Anti-Virus first discovered Facestealer lurking in 10 Android apps back in July 2021, but the latest batch of shady downloads includes 200 malicious apps, almost all of which were available on the Google Play Store and other third-party marketplaces for several weeks before they were taken down.
While the problem apps came from a range of categories, the most common were:
- Fake VPN services
- Camera and photo editing apps
- and—unsurprisingly— cryptocurrency-related apps.
The fake crypto apps were even seeded with additional malware that could potentially steal a user’s wallet keys.
All 200 apps have been removed from Google Play and other download sources. However, many of these apps managed to rack up thousands of downloads in the few weeks they were available. Of course, users weren’t knowingly downloading malware—such apps often appear legitimate on the surface, and even include all the advertised features, or rip off the look and design of other apps to appear more like the real thing.
These apps can even trick Google. While Google Play has built-in anti-malware safeguards and scans all apps uploaded to the service, malicious app developers have devised sophisticated ways to hide their illicit intentions. So even though Google’s scans give the all-clear, lurking in the code are simple commands that install a hidden malware payload or quietly download it in the background from an external server. (This is how other infamous Android malware like Joker and Octo work too.)
While Google may eventually catch onto these tricks, they are often reactive measures rather than proactive, meaning new infection methods could crop up at any time and take weeks to suss out. This is a major flaw in Google and Android’s security measures, and it’s not something that can be fixed overnight.
Avoiding Android malware isn’t impossible, however; you just have to be mindful of what you’re downloading so you can proactively spot problematic apps.
How to avoid Android malware
We’ve discussed many of the telltale signs of a malicious app before, including (but not limited to) if an app:
- Requests excessive and unrelated app permissions. A VPN doesn’t need access to your camera, for example.
- Requires “additional software” installations or tries to sideload extra apps.
- Spams you with ads.
- Suddenly asks for payment information to continue using free features (especially if said features are freely available from other apps or built into your device already).
- Is an obvious ripoff of other popular apps.
- Is only available on sketchy or unknown third-party stores.
Obviously, not every fake app will trip red flags—that’s part of why they’re so common—so always check the reviews first. And I mean really read the reviews. Don’t just check the app’s star rating or skim the highest-rated feedback. If you notice a bunch of 1-star reviews calling out shady behavior or poor quality or the only reviews are 5-star reviews without much information, then it’s probably fake.
And if you’re ever in doubt, just don’t download it. And if you do download something that later turns out to be fishy or an outright scam, delete it, leave a review to warn others, and report the app to Google.