Malicious apps that have been installed 10 million times

The term computer virus is often used instead of malware, although the two terms are not synonymous. Strictly speaking, a virus is a program that reproduces itself continuously and infects a computer by spreading from one file to another. When files are copied from one computer to another or shared between two or more computers, the virus passes from the infected computer to the others and the process continues.
According to Aetna from Isna, ransomware has some key features that set it apart from other malicious software. Unbreakable encryption is one of them, which means you can't decrypt the files yourself. Ransomware can also encrypt all kinds of files, from documents to images, audio files, and anything else you might have on your computer.
There are several reasons why ransomware creators and distributors target home users: home users don't have data backups, haven't received cybersecurity training, and can click on anything. Lack of online security knowledge makes it easy for cyber attackers to gain access to their information.
In this regard, it has recently been announced that several malicious Android programs have been found on Google Play and have been installed on mobile devices nearly 10 million times. These programs appear as image editing tools, virtual keyboards, system optimizers, and more. In reality, their goal is to show annoying ads, subscribe users to special services, and even steal users' social network accounts. These malicious programs were discovered by the antivirus team of Dr. Web.
Google has removed most of the programs, but some of them can still be downloaded and installed from Google Play. It should be noted that if any of these programs are installed on a device, they should be removed manually and an antivirus scan should be performed to check the device for any remaining malicious effects.
These apps ask users to add them to the energy saving list, that is, to exempt them from battery saving restrictions. As you can see in the figure below, this will cause the malicious program to continue working in the background even after the user closes the program.
These malicious programs try to hide their icons from the app drawer or replace them with the icons of important system components such as "SIM Toolkit". This is done to avoid being identified by users and security tools. Other malicious programs have also been identified that, once installed, connect users to paid subscription services unintentionally and without their knowledge. These subscriptions cause charges to be deducted from users' mobile phone accounts.
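To check a device for the battery saving exemption described above, the following added example (not part of the original article or of Dr. Web's report) lists third-party apps that hold a user-granted exemption. It assumes the text output of `adb shell dumpsys deviceidle whitelist` (lines of the form `kind,package,uid`) and `adb shell pm list packages -3` has been captured separately; the sample lines and package names are constructed.

```python
"""List third-party apps holding a user-granted battery-optimization exemption.

Inputs are captured text from two adb commands (assumed formats):
  adb shell dumpsys deviceidle whitelist  -> "kind,package,uid" per line
  adb shell pm list packages -3           -> "package:<name>" per line
"""

# Constructed sample output; all com.example.* names are hypothetical.
SAMPLE_WHITELIST = """\
system-excidle,com.android.providers.downloads,10031
system,com.google.android.gms,10122
user,com.example.photoeditor.neon,10245
user,com.example.trusted.messenger,10198
"""
SAMPLE_THIRD_PARTY = """\
package:com.example.photoeditor.neon
package:com.example.trusted.messenger
package:com.example.keyboard.emoji
"""

def parse_whitelist(text):
    """Return (kind, package, uid) tuples, skipping malformed lines."""
    entries = []
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) == 3 and parts[2].isdigit():
            entries.append((parts[0], parts[1], int(parts[2])))
    return entries

def parse_packages(text):
    """Return the set of package names from 'package:<name>' lines."""
    prefix = "package:"
    return {l.strip()[len(prefix):] for l in text.splitlines()
            if l.strip().startswith(prefix)}

def exempt_third_party(whitelist_text, packages_text, reviewed=frozenset()):
    """Third-party packages the user exempted, minus ones already reviewed."""
    third_party = parse_packages(packages_text)
    return sorted(pkg for kind, pkg, _uid in parse_whitelist(whitelist_text)
                  if kind == "user" and pkg in third_party
                  and pkg not in reviewed)

if __name__ == "__main__":
    ok = {"com.example.trusted.messenger"}  # exemptions the owner recognises
    for pkg in exempt_third_party(SAMPLE_WHITELIST, SAMPLE_THIRD_PARTY, ok):
        print("review battery exemption:", pkg)
```

An image editor, keyboard or "optimizer" in this list has no obvious need to run in the background and is worth a closer look.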
According to the announcement of the Emergency Management Center and Computer Incident Operations Coordination, malicious Android programs always find a way to enter Google Play, and sometimes they may stay there for months. Therefore, you should not easily trust any program. To reduce the effect of these threats, it is recommended to check users' reviews and ratings, read the privacy policy on the developer's website, and pay attention to the permissions requested during installation.
Preventive measures and limiting the effectiveness of ransomware attacks
Among these measures is preparing and maintaining offline backup copies of information. This backup copy must be completely offline and physically separated from the network and systems, because any online connection, such as a NAS connected to the network, an external hard drive connected to a USB port, or a NAS partition connected to servers, can be used when an attack occurs, resulting in the loss of the backup copy along with the original data.
Other measures include not using unreliable software, especially cracked and non-genuine programs; installing and updating antivirus on all systems connected to the network; monitoring the Active Directory server as the most important system on the network; and continuously updating software and operating systems.
Finally, in case of a ransomware infection, manipulation of the infected system should be avoided as much as possible. If there is backup data, it is better to refrain from restoring it until the malware has been cleaned, because the presence of malware may lead to re-infection and the loss of the backups. Also, during an incident, the infected computers should be turned off immediately and restarted through the operating system of the device itself, and all hard drives and storage media should be physically disconnected during the incident.