Security Round Up: Fake Antivirus in Google Play Store and T-Mobile Data Buyback

Like most weeks, there have been new security breaches and other issues affecting both businesses and individuals. The two that affect the greatest number of users are a fake anti-virus app in the Google Play Store and T-Mobile trying to buy back their customer data that had previously been breached.

This post discusses these issues, what we know about what happened, and what you can do to protect yourself.

Some security threats are directed at individuals, such as phishing scams to gain access to your accounts, or malicious ads on websites. Other attacks are directed at companies you and others do business with, such as hacking their credit card terminals.

Unfortunately for businesses, the more widely their products are adopted, the more data they hold about us, which makes them a bigger target for hackers. This post discusses two items that are directed at end users, where large businesses were the vehicle used to reach those end users.

Google Play Store fake anti-virus

Google recently removed six fake anti-virus apps from the Play Store because they were used to deliver malware, not protect users from malware. Once the apps were installed, they were used to steal personal information from Android users. This included account passwords, bank information and more.

The apps in question were infected with Sharkbot Android malware, a known malware whose purpose is to steal user credentials. User credentials are made up of user IDs and passwords and are often reused because people have to create so many accounts it can be nearly impossible to remember unique credentials for every account. Stolen user credentials can allow hackers to access bank accounts, social media accounts and email accounts, which is extremely dangerous because email is often used to reset credentials for other accounts.

What you need to know: Most users who downloaded this malware were from the United Kingdom and Italy. The names of the six malicious apps are:

  1. Atom Clean-Booster Antivirus
  2. Antivirus, Super Cleaner
  3. Alpha Antivirus, Cleaner
  4. Center Security - Antivirus
  5. Center Security - Antivirus (with a different app logo)
  6. Powerful Cleaner, Antivirus

Image via Check Point blog - 4/7/2022. 

What you can do: If you think you downloaded one of these apps, delete it immediately. Also, change any passwords for those accounts you may have entered your credentials into while the malicious app was installed (think banking apps, etc.). Be sure to update these passwords from another device. Lastly, it is a good idea to download a legitimate anti-malware app, from a reputable company, so you can scan your phone to check for infections.

T-Mobile customer data buyback

T-Mobile has been mentioned in our security round ups a couple of other times as they have been the victim of data breaches more than once. While their most recent foray into the news is not about a new data breach, the fact that hackers were able to access the personal data of 30 million of T-Mobile's customers is worth mentioning again since it relates to this recent event.

Last August, T-Mobile suffered a data breach that affected 30 million customer records. After that breach, T-Mobile hired a private third-party company in hopes of regaining exclusive access to their breached records. Originally, the hackers requested a bitcoin payment worth about $270,000. Ultimately, T-Mobile, via the third party, paid the hackers $200,000. Yet they still did not end up protecting their customers' data.

What you need to know: In this case, the hackers who had control of T-Mobile's customer data continued to sell the data even though T-Mobile was working through a third party to pay them off. Any time there is a data breach, it is risky working with hackers to get the data back. Businesses need to remember that they are cooperating with thieves, hoping for them to be honest when they have already proved to be nefarious.

What you can do: If you are, or were ever, a T-Mobile customer, keep in mind this is not a new data breach. However, through this breach, it is possible some of your personal information was sold. The most proactive things anyone can do, whether they have data that has been breached or not, are:

  • Watch your credit score and consider freezing your credit so nobody but you can open a new account.
  • Pay attention to your bank accounts and credit cards to quickly catch any unauthorized charges.
  • Regularly change your account credentials.
  • Avoid reusing account credentials.
  • Take the free credit monitoring offered by a company where your data was breached.

There will always be threats to the security and integrity of our data. These threats often include software and applications we use every day and can even include stores and websites we visit. Most recently, the attack on the Google Play Store using apps pretending to be anti-virus is a horribly malicious act hurting those people making an effort to protect themselves. Additionally, T-Mobile is still feeling the pain of a data breach that occurred in August of last year.

As always, being aware of as many types of threats as possible keeps you more informed and reduces your risk of becoming a victim of those threats.