More than 250 malicious apps are spreading info-stealing malware on Android and iOS — delete these right now
Case in point, the mobile security firm Zimperium has discovered a new malware campaign which targets users of the best iPhones and best Android phones with over 250 malicious apps spread via 80+ malicious domains.
What sets this particular campaign apart is that in addition to posing as utility apps, many of the malicious apps used in it also posed as dating apps along with file sharing ones and car service platforms.
Once installed on a vulnerable smartphone, the apps were then used to download a dangerous info-stealing malware capable of stealing all sorts of sensitive personal data including a victim's contacts and even their photos. The hackers behind this campaign then took things a step further, threatening to extort victims by leaking their private info and photos to their contacts or online if their demands weren't met.
Here's everything you need to know about this new malware campaign along with some tips and tricks to help you stay safe from malicious apps and the dangers they pose to both your data and your devices.
Before we go into the campaign itself and how it worked, you should first check your phone to make sure that you haven't installed any of the apps below. If you have, you're going to want to manually delete them from your devices:
I've highlighted just a few of them above but you can see the full list here (Google Sheet). If you take a closer look at the names of these malicious apps, you'll notice that many of them are in Korean which makes sense given that this campaign mainly targeted users in South Korea.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
Given that anyone could have shared a link to one of the malicious domains hosting these fake apps, iPhone and Android users worldwide could be impacted. Either way, it's always a good idea to take a closer look at all of the apps you have installed and to delete any you don't recognize or haven't used in a while.
In a blog post detailing the inner workings of this new campaign dubbed SarangTrap, Zimperium's security researchers explain that potential victims are first tricked into visiting carefully crafted phishing sites.
These are designed to impersonate popular brands and app stores which not only adds legitimacy to the campaign but may also entice users to download these bad apps.
Once installed, these fake apps lure users in with slick user interfaces while requesting access to loads of unnecessary permissions with the caveat that they won't work without them. To make these apps seem more exclusive, especially the ones posing as dating apps, users are also prompted to enter a valid invitation code.
After being entered, this invitation code is sent to a hacker-controlled server for validation after which, these malicious apps then request access to the sensitive permissions they'll use to infect a device with malware and steal personal info from it.
Besides acting as a lure, this process allows the malware to remain undetected by the best antivirus software and other security solutions designed to stop malicious activity from bad apps.
With the necessary permissions in hand, these fake apps reveal their true nature. While they look slick and polished at first, they contain no dating features or other functionality at all. Instead, they're just a facade used by the hackers behind this campaign to gain a foothold on vulnerable devices from which they can then steal all sorts of valuable sensitive data.
When it comes to the types of data the malware spread by these fake apps is able to steal, it can download a victim's phone number and device identifiers along with all their photos and text messages. With all this info, the hackers behind this campaign can easily extort victims, though they could also bundle it altogether and sell this data to other cybercriminals to use in their own attacks.
Surprisingly, in addition to malicious Android apps, this campaign also uses a deceptive mobile configuration profile to go after iPhone users. By installing this profile on an iPhone, the hackers are able to steal much of the same sensitive data on iOS including a victim's contacts and photos.
Just like with new software on your computer, you always need to be careful when installing new apps on your phone, especially as we now have so much personal and even financial info on our mobile devices.
For starters, you want to avoid sideloading apps or installing apps from unknown sources or websites. If you're taken to a site trying to get you to install an app instead of to an official app store like the Google Play Store or Apple's App Store, this is a major red flag and a great indication that you should avoid this particular app altogether.
When you install a new app on your devices, you want to pay close attention to the types of permissions it requests the first time that you open it. While it makes sense for a messaging app to request access to your text messages, it definitely doesn't when a dating app does so. If any permissions seem odd or unnecessary, this is another red flag that something could be off with a particular app.
Besides being extra careful when installing new apps, I highly recommend that you limit the number of apps on your phone overall. Having a lot of apps installed makes it difficult to find malicious ones and even good apps can go bad when injected with malicious code. The fewer apps you have, the less likely it is that one of them will be malicious or turn malicious later.
If you're using an Android phone, you want to make sure that Google Play Protect is enabled as this pre-installed security solution scans all of the new apps you download as well as all of your existing apps for malware. For extra protection though, you may also want to consider running one of the best Android antivirus apps alongside it.
While there isn't an iPhone equivalent of these apps due to Apple's own restrictions, the best Mac antivirus software from Intego can scan your iPhone or iPad for malware when plugged into your Mac via a USB cable.
Given that downloading and installing a malicious app even accidentally can have very serious consequences, you may also want to invest in one of the best identity theft protection services. They can help you get your identity back after having it stolen as well as compensate you for any funds lost to fraud or a cyberattack.
Malicious apps are the easiest way for hackers to establish a foothold on your devices and gain leverage over you and your data which is why they aren't going anywhere anytime soon. This is why it's up to you to be proactive as well as careful when it comes to which apps you download and where you download them from.
Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Tom's Guide
9 minutes ago
- Tom's Guide
One UI 8 tipped to bring a major Galaxy AI upgrade — plus quality of life improvements to Galaxy S26
A recent post on social media has indicated that Samsung is working on a big improvement for Live Captioning with Galaxy AI. The post in question comes from Galaxy Techie, who posted on X about a new Galaxy AI feature called Voice Captioning. Like Live Captions, this feature will convert speech from calls, videos and live conversations into text. However, Voice Captioning separates itself is by being able to translate and summarize the captions in real time. Currently, Samsung's version of Live Captioning will only transcribe voices into the language they are spoken in. Meanwhile, if you have a Pixel phone like the Pixel 9 Pro, you can enable a Live Translate feature, which quickly converts captions into another chosen language in real time. The addition of this feature on Samsung phones would undoubtedly be a lifesaver for holiday goers with the best Samsung phones. Unfortunately, this feature is reportedly only officially available in China, and there's no indication of when it could come to other markets. However, you can download the APK onto your device if it's running One UI 7 or One UI 8. A Google Drive link for the APK is available in Galaxy Techie's X thread. Once it's installed, you only need to add the Voice Captioning shortcut to your phone's quick settings panel and allow all of the necessary permissions. Before you download the file, however, there are a couple of things to note. Firstly, as reported by Android Authority, the APK version of the feature is far from stable and repeatedly crashes. On top of that, Reddit threads indicate that the file doesn't always work with the One UI 8 beta. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. There's also the inherent risk of sideloading apps on Android phones. So proceed with installing the APK at your own risk. We would also always caution anyone when downloading an online file to make sure their phone is secure. Make sure you have one of the best antivirus apps to keep your data safe. The best VPNs are also worth having, even if they won't protect you from any software you willingly install. It isn't just One UI 8 features that could make life easier, as another rumor has revealed a big quality-of-life improvement for the Galaxy S26. According to a recent report from ET News, several industry sources have claimed that Samsung is planning to add a new NFC antenna to the top of the Galaxy S26. Currently, Samsung phones only have a single NFC coil, which is placed just below the camera module. However, the placement can vary slightly, with the Galaxy S25 Ultra's coil closer to the middle of the phone, while the Galaxy S24 Ultra has it sit slightly higher. This can make it annoying to use the phones to pay, usually leading to having to hold them at odd angles. This single placement is odd, as other Android devices have multiple coil placements. All while iPhones only need you to place the top half of the phone on the scanner. Supposedly, part of the problem Samsung had was that Apple holds several patents related to NFC payments, forcing Samsung to find new solutions. It should be noted that there are indications that Samsung hasn't finalized the overall design of the Galaxy S26 yet, so it is possible that the company could scrap the new coil placement. We'll have to wait for Samsung to officially announce the device to see what changes are coming. While we don't have a set release date yet, Samsung's Galaxy Unpacked events usually occur at the start of the year, with wider phone releases happening around two weeks later. Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button.
Business Wire
39 minutes ago
- Business Wire
Perion Partners with KT Corporation and NHN AD to Drive New Advertising Revenue in Korea's High-Growth Programmatic Market
NEW YORK & TEL AVIV, Israel--(BUSINESS WIRE)-- Perion Network Ltd. (NASDAQ & TASE: PERI), a leader in advanced technology solving for the complexities of modern advertising, today announced strategic partnerships with KT Corporation and NHN AD, two of South Korea's leading digital media and technology companies. This collaboration marks a significant expansion of Perion's programmatic Digital Out-of-Home (DOOH) footprint and strengthens its presence in one of Asia's fastest-growing advertising markets. This partnership reflects Perion's strategic priority to expand premium media supply in high-growth APAC markets. The APAC DOOH Market size is estimated at $21.64 billion in 2025, and is expected to reach $38.71 billion by 2030, representing a CAGR of 12.34% 1. These deals represent Perion's first direct programmatic supply integrations in Korea and will begin contributing to revenue in Q4 2025. With this joint initiative, KT becomes the first Korean media owner to implement Perion's Header Bidding technology, a core element of its Supply Side Platform (SSP), unlocking seamless access to global programmatic demand across both Open Exchange and Private Marketplace (PMP) environments. NHN AD, a leading Korean digital marketing firm, will serve as the local activation partner, facilitating PMP deals and ensuring smooth onboarding for domestic advertisers and publishers. The integration with KT includes 179 high-visibility subway screens along the Shinbundang Line and Seoul Metro Line 9, bringing programmatic DOOH capabilities to premium public transit environments. NHN AD offers access to high-income audiences focused on fitness and self-care through 85 screens located in golf driving ranges and premium fitness clubs across major cities in Korea. Together, these partnerships mark one of Korea's earliest and largest-scale implementations of programmatic DOOH technology beyond retail, accelerating access to valuable audiences in both urban and lifestyle environments. 'Our DOOH continues to expand, and we're thrilled to partner with such a prominent telecom brand. This collaboration can contribute to accelerating our momentum in APAC, one of the largest DOOH markets which is projected to reach $21.64 billion in 2025, with further growth anticipated in the coming years,' said Tal Jacobson, Perion's CEO. 'This partnership supports our commitment to premium, high-margin channels like DOOH and expands our global supply footprint. It validates our strategy of entering high-value markets through deep technology integration and trusted local partners. With KT and NHN AD, we're reinforcing our ability to deliver premium supply and performance at scale for global advertisers across Asia.' 'We are proud to be the first Korean publisher to adopt Perion's full-stack technology,' said Kwangchul Choi, General Manager at KT Corporation. 'This partnership helps us better monetize our digital assets while offering global advertisers access to our high-impact screens.' 'NHN AD is excited to help activate this partnership locally and make global PMP deals more accessible in Korea's dynamic media landscape,' said Jason Kim, SVP at NHN AD. About Perion Network Ltd. Perion is helping agencies, brands and retailers get better results with their marketing investments by providing advanced technology across digital channels. Through the Perion One platform, we are making digital advertising more effective by building solutions that continuously adapt to connect the dots between data, creative and channels. For more information, visit Perion's website at Forward Looking Statements This press release contains historical information and forward-looking statements within the meaning of the Securities Act of 1933, as amended, the Securities Exchange Act of 1934, as amended, and the safe- harbor provisions of the Private Securities Litigation Reform Act of 1995 with respect to the business, financial condition and results of operations of Perion. The words 'will,' 'believe,' 'expect,' 'intend,' 'plan,' 'should,' 'estimate' and similar expressions are intended to identify forward-looking statements. Such statements reflect the current views, assumptions and expectations of Perion with respect to future events and are subject to risks and uncertainties. All statements other than statements of historical fact included in this press release are forward-looking statements. Many factors could cause the actual results, performance or achievements of Perion to be materially different from any future results, performance or achievements that may be expressed or implied by such forward-looking statements, or financial information, including, but not limited to, political, economic and other developments (including the current war between Israel and Hamas and other armed groups in the region), the failure to realize the anticipated benefits of companies and businesses we acquired and may acquire in the future, risks entailed in integrating the companies and businesses we acquire, including employee retention and customer acceptance, the risk that such transactions will divert management and other resources from the ongoing operations of the business or otherwise disrupt the conduct of those businesses, and general risks associated with the business of Perion including, the transformation in our strategy, intended to unify our business units under the Perion brand (Perion One), intense and frequent changes in the markets in which the businesses operate and in general economic and business conditions (including the fluctuation of our share price), loss of key customers or of other partners that are material to our business, the outcome of any pending or future proceedings against Perion, data breaches, cyber-attacks and other similar incidents, unpredictable sales cycles, competitive pressures, market acceptance of new products and of the Perion One strategy, changes in applicable laws and regulations as well as industry self-regulation, negative or unexpected tax consequences, inability to meet efficiency and cost reduction objectives, changes in business strategy and various other factors, whether referenced or not referenced in this press release. We urge you to consider those factors, together with the other risks and uncertainties described in our most recent Annual Report on Form 20-F for the year ended December 31, 2024 as filed with the Securities and Exchange Commission (SEC) on March 25, 2025, and our other reports filed with the SEC, in evaluating our forward-looking statements and other risks and uncertainties that may affect Perion and its results of operations. Perion does not assume any obligation to update these forward-looking statements.
Android Authority
an hour ago
- Android Authority
Samsung could finally catch up to other Android OEMs with this navigation choice
Joe Hindy / Android Authority TL;DR Samsung could soon let you choose swipe navigation as the default while setting up a new phone. Samsung is testing a choice screen that will allow choosing between three-button navigation and swipe navigation gestures during setup. The feature is only being tested and could be introduced with One UI 8.5 on the Galaxy S26. Despite being a leading innovator in the mobile space, Samsung can sometimes resist change, especially when the mandate originates from other stakeholders, even Google. Until recently, Samsung refused to support seamless updates on its Android devices, even though it would have allowed users to save time. The welcome change came last year, and now, Samsung is likely to step away from another feature it has held sacred for a long time: three-button navigation. Even though Google and other Android manufacturers have embraced swipe navigation gestures, the three-button system is chosen by default when you set up a new Samsung phone. If anyone wants to use navigation gestures, they must head to Settings on their Galaxy phones or tablets and switch it manually after completing the setup. However, with future versions of One UI 8, Samsung could finally allow users to choose between the three-button and gesture-based navigation systems while setting up their phones. SammyGuru Folks at SammyGuru recently spotted references to a new choice screen in a yet-to-be-released build of One UI 8. The feature is currently missing from the newly launched Galaxy Z Fold 7 and the Flip 7, which come with One UI 8 pre-installed. The source, therefore, proposes that it could be added with the next major version upgrade, which would be One UI 8.5. While Samsung could add the option to choose between the traditional and the relatively newer method of navigation, it will not eliminate the three-button navigation system from its phones. That would be useful for people who still prefer the classical method to move around in the Android interface. While it's unclear when — or even if — Samsung could actually bring this option, a significant software update like One UI 8.5 could make sense. However, we may have to wait for a few months for the change as Samsung is rumored to release the update alongside the Galaxy S26 series early next year. Follow
