New Delhi: A team of cybersecurity researchers have detected fake oximeter apps on the play store which is revealed to have been misused by malware authors to steal the bank credentials of users.
A team from Quick Heal Security Labs said that the threat actors use reliable tools to deploy payload and third-party app stores for the distribution of these fake apps.
Lately, several people have been resorting to self-assessment or tests at home due to the surge of COVID positive cases. As the demand for oximeters rose too quickly, the supply of the same could not meet the demand. People, therefore, have started using oximeter apps on their phones to check their oxygen levels through which the malware authors are exploiting such people.
Attackers primarily target the app stores, where both free and paid apps are available.
According to reports, the attackers use different tools like firebase or GitHub to deploy these fake apps and different app markets like QooApp, Huawei, etc for effective publishing and distribution among a large base of users.
The researchers also warned that it is extremely critical to stay alert at every point possible as the threat actors are always seeking opportunities to compromise users.
They advised not to open links shared through messages or on social media platforms.
The team also alerted users to check for grammar errors in the app descriptions as attackers usually use wrong English.
They also asked the users to focus more on reviews with low ratings since the reviews and ratings of these apps can also be fake.
"Avoid approaching to third-party app stores for downloading apps or through links shared via SMSs, emails and WhatsApp. These avenues don't invest in security and hence make space for any type of app, including the infected ones," the researchers said.