Malware uses famous Android app icons such as Google, Instagram, Snapchat, WhatsApp and X (formerly Twitter) to trick users into installing them on devices, thereby infiltrating and stealing data. sensitive information of the victim such as bank data, social network accounts...

Hackers create fake links to famous sites such as Facebook, GitHub, Instagram, LinkedIn, Microsoft, Netflix, PayPal, Proton Mail, Snapchat, Tumblr, X, WordPress and Yahoo... to trick users into downloading fake applications with contains viruses.

Once installed on the phone, the fake application will request permissions for accessibility services and API (Application Programming Interface). These permissions allow viruses to control devices, steal data, and deploy malware without the victim's knowledge.

Viruses also have the ability to connect to command and control (C2) servers to receive execution commands, allowing them to access contact lists, SMS messages, call logs, and lists of installed applications. put; send SMS messages; Open phishing sites on your web browser and turn on your camera's flashlight.

Experts recommend that before clicking on a URL, you should carefully check the path to make sure it does not contain strange characters. Malicious links often have domain names that look similar but are not exactly the same as the real link, for example G00gle.com instead of google.com.

You need to go to your phone's permission settings and limit unnecessary permissions for the app.

- Do not install applications through links of unknown origin or APK files shared via email, text messages, or social networks.

- Check information about the application developer. Apps from reputable and reputable developers are often safer.

- Regularly check and delete unused or unnecessary applications to reduce the risk of being attacked.

Bkav