The second wave of the COVID-19 pandemic has led to a surge in the demand for Oxymeters and with that, there are several oximeter apps in play. Cybersecurity researchers have recently found many fake oximeter apps on the Play Store as they have been stealing sensitive banking credentials. The team from Quick Heal Security Labs found that malware authors were misusing the official apps with trojan to steal users’ banking credentials. “Threat actors use reliable tools to deploy payload and third-party app stores for distribution of these fake apps,” the researchers said in a statement.
The hackers usually target the app stores because of the free availability of apps there and then they use several tools like firebase or GitHub to deploy these fake apps and different app markets like QooApp, Huawei, etc for effective publishing and distribution among a large base of users. “While threat actors are always seeking opportunities to compromise users, it is extremely critical to stay alert at every point possible,” the team said advising not to open such links shared through messages or on social media platforms
- “Check for grammar errors in the app descriptions as attackers generally use wrong English,” experts noted.
- Since reviews and ratings can also be fake, focus more on reviews with low ratings.
- “Avoid approaching third-party app stores for downloading apps or through links shared via SMS, emails and WhatsApp. These avenues don’t invest in security and hence make space for all types of apps, including the infected ones,” the researchers said.