histats

These 90 Malicious Android and iOS Apps Spy on You and Display Fake Ads

These 90 Malicious Android and iOS Apps Spy on You and Display Fake Ads

Cyber ​​attacks come in many forms, and some allow hackers to take control of your phone. Others steal personal information or sign you up for subscription services that are difficult to cancel. It’s not easy to tell if your phone has been compromised. Is someone watching everything you do? Tap or click here for some tips to diagnose a hacked phone.

This past summer, we reported on hundreds of apps being removed from the Google Play Store and Apple’s App Store. And as we enter the fall, there are no signs that things will change.

Cybersecurity researchers uncovered around 90 malicious apps downloaded over 13 million times. We show you how these dangerous apps work and ways to avoid them.

This is not a game

A report by the Satori Threat Intelligence and Research Team shows an alarming new crop of bad Android and iOS apps. These apps are an offshoot of the Poseidon ad scam that the team first discovered in 2019.

This latest adaptation of Poseidon, called Scylla, uses new techniques and keeps the culprits behind the apps better protected from detection. The apps consist of games, but there is no fun here.

Scylla’s weapon of choice is advertising fraud. Here are the attack methods:

  • App spoofing: The app not only tricks people who download it, but it also tricks advertisers into thinking it’s a different type of application, so they place ads in it. For example, the malicious app pretends to be a very popular tool or pretends to be a streaming app to attract advertising revenue. In this case, the Scylla apps contained code masquerading as other, legitimate games.
  • Ads out of context: Ads appear unexpectedly, for example on the home screen. In the case of Scylla, apps can be triggered by an action as simple as unlocking the phone.
  • Hidden ads: These are ads that you don’t see, even though the app counts them as having been “seen” so that cybercriminals can make more money from the companies that placed the ads. The app tells advertising platforms that it has shown an ad to the user without ever having done so.
  • Fake clicks: Advertisers really value clicks, and the bad guys know this. The code in the Scylla apps takes the information about your actual clicks (or taps, in the case of mobile phones) and forwards this information to advertisers as ad clicks.
See also  The 5 biggest data breaches in 2022

The Satori team has worked closely with the Google Play Store and the Apple App Store to ensure that all apps identified as part of the Scylla operation have been removed.

If you have any of the apps we’ve listed in the tables below, remove them right away.

Remove these harmful apps from your iPhone

App name File name
Loot the castle com.loot.rcastle.fight.battle (id1602634568)
Run Bridge com.run.bridge.race (id1584737005)
Shiny gun com.shinning.gun.ios (id1588037078)
Racing Legends 3D com.racing.legend.like (id1589579456)
Rope Runner com.rope.runner.family (id1614987707)
Wood sculptor com.wood.sculptor.cutter (id1603211466)
Firewall com.fire.wall.poptit (id1540542924)
Critical Ninja Hit wger.ninjacriticalhit.ios (id1514055403)
now com.TonyRuns.game (n/a)

How to delete an app from iPhone:

  • Touch and hold the app.
  • Press Remove the app
  • Press Delete the appand then press Delete to confirm.

IMPORTANT: New iPhone and Android security features to turn on

Remove these harmful apps from your Android phone

App name File name
Superhero – Save the World! com.asuper.man.playmilk
Arrow coins com.arrow.coins.fun
Parking Master com.ekfnv.docjfltc.parking.master
Lady Run com.lady.dress.run.sexylady
Magic Brush 3D com.magic.brush.gamely
Shake Shake Sheep com.shake.tearn.saue.causalgame
Number combination: Colored chips com.yigegame.jyfsmnq.gg
Jackpot Scratcher Win Real com.physicswingsstudio.JackpotScratchers
Scratch Carnival com.scratchers.jackpot.luckypiggy
Ztime: Earn cash rewards easily com.pocky.ztime
Billionaire Scratch com.free.tickets.scratchers.billionaire
Lucky Wings – Lotto Scratchers com.free.scratchers.luckywings
Lucky Star: Lotto Scratch com.free.tickets.scratchers.LuckyLotto
Shake Shake Pig com.ldle.merge.free.coinspiggy
Lucky Money Tree com.ldle.merge.lucky.moneytree
Run and dance com.tap.run.and.dance
Lucky Scratchers: Lotto cards com.lotto.bingo.lucky.scratchcard
Pull the worm com.pull.bugs.worm
Crowd Battle: Fight the bad guys com.crowd.battle.goamy
Shoot Dummy – Win Rewards and Paypal Cash com.shoot.dummy.fast.speed.linger
Find 10 differences com.different.ti.spotgames
Find 5 Differences – New com.find.five.subtle.differences.new
Dinosaur legend com.huluwagames.dinosaur.legend.play
A line drawing com.one.line.drawing.stroke.yuxi
Shoot Masters com.shooter.master.bullet.puzzle.huahong
Talent trap – NEW com.talent.trap.stop.all
Shoot it: Use gun com.bullet.shoot.fight.gtommm.tom
Super Flake com.chop.slice.flake2020
Five star disc com.fem.stardisk
True drawing com.sand.drawing.newfight
Mr Dinosaur: Play your Dino com.topggame.facego.finger.crazy.dino
Track sliding New com.track3d.sliding.new
Beat Kicker New com.beat.kicker.two.game
Fill color 3D com.cube.fill.color.paint.turn.fei
Draw Live com.draw.live.milipop
Draw 1 Stroke com.draw.one.line.stroke.xipi
Fidget Cubes com.fidget.cubes.feel.like
Girls fight com.girls.fight.fly
Ninja Assassin com.knifeninja.assassin.dltc
Shooting Puzzle 2020 com.my.shooting.man.hunter.youxi
Pulley Parkour com.pul.parkour.bbroller
Chop Flake 3D com.slice.chop.superslice3d
Weapon fantasy com.guns.fantasygames
Balloon shooter com.balloon.shooter
Musical shooting com.ltcmusical.fun2021
Chop slices com.lvdiao.chop.slices.chef
Ninja Slice com.slice.masked.games
Work now! com.work.now.slack
Bottle jump com.bottle.jump.flip.challenge.fun
Corn scraper com.corn scraper.cut.pipe screening
Idling wood machine com.idle.woodmaker.gametwo
Pop girls school student com.pop.girls.schooler
Romy Rush com.romy.rushrun
Spear hero com.spear.superman.hero
Dig road balls com.dig.roadballs.play.games.ygygame
BOO Popstar com.boostar.boo.popstar
Draw CompleteA com.darwa.completea.ltca
Rush 2048: 3D Shoot Cubes com.rushcube.puzzle.block
Meet Camera com.magicvcam.hdmeet.cam008
Auto stamp camera com.stac.amper.qweaf
now com.find.five.differences.lvye.xsl
now com.mufc.zwxfb
Roll Turn com.roll.turn.song.wusi.pt
Hide drawing com.hiding.drawltc.games
Peter Shoot com.ltc.peter.shoot.tslgame
Design n Road com.ltcdesign.nroad
The drawing is complete com.ltcdraw.complete.fly
The Thief King com.ltcking.thief.game.tsl
Downhill race com.downhillrace.redbull
Draw a war com.draw.war army
Rescue Master com.rescue.mastergear.mechanics.wushi
Spin: Letter Roll come. letter roll run
Helicopter Strike – NEW com.heliattack.shoot.sanba
Smash car com.crush.car.fly.delivery.lingjiu
Relx cash com.tycmrelx.cash
War in painting com.painting.war.inpaper
Bike Extreme Racing com.bike.extreme.racing.bikegames
Player Spiral Maker 3D com.player.spiral.maker.d3
Match 3 tiles com.blocks.tile.matching
2048 Merge Cube – Win money com.cube.merge.shooter

To delete an app from your Android phone:

  • To open Google Play Store app.
  • Tap on the top right Profile icon.
  • Press Manage apps and devices > Achieve.
  • Tap the name of the app you want to delete.
  • Press Uninstall.
See also  Black Hat Europe redux: The best web hacking talks of 2022

Tips to keep you safe

  • Turn on Google Play Protect by going to Google Play Store > Profile > Play Protect > Settings and turn on Scan apps with Play Protect.
  • Keep your phone updated with the latest updates and fixes. We notify you about them at Komando.com. Tap or click here to try Kim’s free email newsletter to get the alerts straight to your inbox.
  • Use two-factor authentication and password managers for better security. Tap or click here for details on 2FA.
  • Only download apps from official app stores. Always go to the official source and double check that you are installing the correct app.
  • Watch out for apps that use a similar logo to other popular apps or have similar features. Also check reviews to see if others warn of suspicious activity.
  • Pay attention to permissions. Stay away if an app wants full access to your text messages or notifications.
  • Have reliable antivirus software on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan for TotalAV Internet Security for just $19 at ProtectWithKim.com. That’s over 85% off the regular price!

Continue reading

Data hungry apps: These are the worst for your privacy

These 5 Malicious Chrome Extensions Were Installed 1.4 Million Times — How to Delete Them

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *