Do you have an Android device? 

Even if you don't, you know someone who does.

Google is incredibly good at spotting poisoned copies of apps on its Play Store and getting rid of them before they can spread to the devices of users who rely on the safety and security offered by the Play Store.

As good as they are, they're not perfect and sometimes malicious code masquerading as a legitimate app can slip through the company's impressive filtering system.

Recently, the company discovered that an Android app that has more than 100k installs contains a trojan called "FaceStealer" which displays a Facebook login screen that requires users to log in before they can make use of the app.


You can lose the keys to your digital kingdom

Although the Facebook login prompt looks official, it is not, and all a user accomplishes by entering their login credentials is to give those credentials to the hackers that control the code.  Given that millions of people around the world use their Facebook login details to connect to a host of other websites, this essentially gives the hackers the keys to your digital kingdom. From that point there's really no end to the amount of damage they can do.

In addition to making the discovery itself, the researchers who originally brought the poisoned app to Google's attention did a deep dive into the malicious code and discovered that the author has apparently automated the repackaging process. This means that it's a trivial matter to turn almost any legitimate app into a carrier of this trojan.

Given that fact, it's worth asking the question, "How many other poisoned apps might there be on the Play Store right now?"


My perspective

It's a fair question with no easy answer.  Your best bet is to practice extreme caution when downloading any app, only get them from the Google Play store and do as much due diligence as possible before committing to an installation.


It is well to remember what Oda Mae said:
Molly, you in danger, girl


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this post. I always take into mind that your time and attention are precious. And these posts need to be timely, to the point, and short.

For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, Facebook, and Twitter

I am also a published author and speaker on cloud computing, work-at-home, and cybersecurity. I work extensively with business and professional associations to provide free small business technology education programs.


Contact me if you would like me to speak to your association