Android phone and tablet users have been put on red alert about a dangerous new malware strain hiding in bogus YouTube and WhatsApp apps.
In its recent Quarterly Adversarial Threat Report 2022, Meta – owners of Facebook, Messenger, Instagram and WhatsApp – revealed that the new Dracarys malware is being injected into fake versions of popular apps.
According to the report, this malware strain is capable of stealing call logs, contact information, files, SMS texts, geolocation and device details from an Android device as well as taking photos secretly, enabling the phone or tablet’s microphone.
Meta further said Dracarys, which is named after a Game of Thrones battle cry for dragons, was being spread by the Bitter APT hacking group who have been carrying out attacks in the United Kingdom, New Zealand, India and Pakistan.
The Android malware has been found in fake versions of YouTube, Signal, Telegram and WhatsApp.
The new Android malware gets access to a whole range of insidious features after abusing a device’s accessibility services which then gives it access to increased permissions.
Meta’s warning that this new Android malware can sneak past anti-virus detection is worrying, especially for those that have already downloaded affected apps.
The malware is in the early days so hopefully in the future it will be capable of getting scanned by antivirus apps. However, in the meantime its especially important to make sure you only download official apps from the Google Play Store.