What appeared to be a harmless and easy-to-use messaging service for Android users turned out to have dark ulterior motives.
It takes the phone number of everyone who downloads it and allows others to “rent” them for use with account creation services.
CLICK TO GET KURT’S CYBERGUY NEWSLETTER WITH QUICK TIPS, TECH REVIEWS, SECURITY ALERTS AND EASY HOW-TO’S TO BE SMARTER
Read on to find out what you need to know about fake Android apps and how to protect yourself from malware.
(Reuters, File)
Thankfully, thanks to some intrepid security researchers, the app was successfully shut down.
I “read” I caught it with my hand
of Symoo App I was charged on Google Play as “JustSms is an easy-to-use SMS application.”
Shockingly poor grammar should have been a serious red flag in the first place, but the app managed to attract over 100,000 downloads and a 3.4 rating on Google Play.
Although not all reviews were rave.
In fact, many users immediately noticed something was wrong and reported that the app asked for a one-time password upon installation and seemed to hijack their phones.
These red flags also caught the attention of French security researcher Maxime Ingrao, who now works for cybersecurity firm Evina.
Upon learning that the app had malware attached, Ingrao shared exactly what Symoo did with his app. twitter page.
How to increase font size on Android
Screenshot of Maxime Ingrao sharing that cybersecurity firm Evina’s app is loaded with malware.
(Fox News)
Accompanied by a screenshot, Ingrao says Symoo reads all messages and sends them directly to a server specifically designed to sell “create accounts” and people use their phone numbers to be authentic. I explained how I authenticated using a phone compromised to the service. These fake accounts through messages. Ingrao went on to point out that Symoo is India’s number one new SMS app for him, with over 100,000 victims.
how exactly did that work?
Ingrao went on to explain that Symoo first obtained the user’s information by asking for the user’s phone number on the login page.
Android font size tutorial
Screenshots by French security researcher Maxime Ingrao explaining what the app hides.
(Fox News)
On the next screen, the application appeared to load, but it was all a cover-up, hiding the interface of numbers being sent to various subscription services.
After the app has finished loading, it freezes and prompts the user to delete the app.
However, their phone numbers were already known at that point, and the users’ phone numbers were used to create fake accounts on numerous platforms, including Facebook and Instagram.
Later, Ingrao shared that he was able to trace the malware to the “goomy” domain.[dot]fun”, the domain used by the app called Virtual Numbers.
How to send spam calls directly to your phone’s voicemail
A screenshot from a French researcher showing how malware can be traced back to a specific app.
(Fox News)
Virtual Numbers was created by the same developer as Activation PW. Activation PW is a website that provides users with numbers from over 200 countries that can be used to create fake accounts.
According to Bleeping Computer, users could rent numbers for as little as 50 cents to verify fake accounts.
Thankfully, a Google spokesperson later confirmed to Bleeping Computer that both Symoo and Activation PW have been removed from Google Play and the developers have been banned.
Be careful what you download
It’s easy to get carried away and download apps that you think you’ll enjoy.
And if it’s available on Google Play, it should be safe, right?
Unfortunately, as above, it’s not a guarantee. Rouge’s dangerous apps regularly infiltrate the Google Play app store before being removed long after endangering thousands of people.
Thankfully, with these common sense tips, figuring out which apps to avoid isn’t too difficult.
Check your rating.
If most of your app’s ratings are 2 stars or less and users seem to struggle to say anything good about it, they may avoid downloading it.
The best way to charge your cell phone battery
Make sure your software is up to date.
Luckily, certain malware doesn’t work with the latest software, so always make sure your devices like iPhones, Androids, and browsers are updated fairly regularly.
Download an antivirus app.
Installing antivirus software on your device is one of the surest ways to ensure protection from malware and phishing scams.
With easy setup, real-time antimalware protection, and excellent customer service, TotalAV is one of the most reliable antivirus services available today. You can read my best antivirus reviews of the top protections for PC, Mac, Android and iOS devices by searching for “best antivirus” on CyberGuy.com.
Do not download apps from sent links
The most important tip is to avoid links from social media, texts, or emails to download apps from sources other than the official Google Play Store and Apple App Store.
If you have even the slightest doubt about the safety of the app, we recommend that you follow your instincts and stay away from your phone.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Copyright 2023 CyberGuy.com. All rights reserved. Articles and content on CyberGuy.com may contain affiliate links that earn a commission on purchases.