Here’s the bad news: Malware can come from anywhere. Just previewing a Word doc could infect your device. Here’s what you need to know to stay safe.
The good news is you can protect yourself with some knowledge and good practices. We’ve compiled a list of malicious apps that you must avoid at all costs, along with some tips on staying safe while still enjoying your tech.
Free is never truly free
Anytime an app or service advertises itself as “free,” your guard should go up. This is especially true regarding something you download to your device.
SuperVPN, a free VPN app with 100 million downloads across the Apple App Store and Google Play Store, recently suffered a breach. And get this: 360 million user records were leaked, including email addresses, original IP addresses, geolocation records, unique users’ identifiers, references to visited websites, operating systems, devices and online activities.
If that’s not bad enough, a cybersecurity researcher found that SuperVPN was listed under developers with connections to China. It’s no secret that the Chinese government is spying on us.
SuperVPN was removed from the Google Play Store in 2020, so that should also tell you something. If you have this app on your phone, remove it immediately.
Fake ChatGPT apps
You can have some fun with ChatGPT and even use it to help craft emails, recipes and essays, but its popularity has made it a prime target for hackers and scammers. Several fake OpenAI/ChatGPT apps were found on Apple’s and Google’s app stores. The apps mimic the logo and color schemes used by OpenAI.
For the most part, these apps are fleeceware, which means they’re after your money. For example, you may notice the lack of a close button. You hit a paywall that forces you to subscribe and the only way out is to force-close the application.
The apps may charge for things other apps do for free or promise a free trial and then charge you immediately for an annual subscription.
Here’s a list of apps to avoid:
- Chat GBT
- GAl Assistant
- Al Chat GBT – Open Chatbot App
- Al Chat – Chatbot Al Assistant
- Genie AI Chatbot
- Al Chatbot – Open Chat Writer
If you have any of these apps on your phone, remove them.
Let’s make this clear: ChatGPT is free to use. There’s a $20 subscription model that gets you faster response times and priority access, but it’s not mandatory.
RELATED: Money tip: The easiest way to cancel your unused subscriptions
More bad Android apps
It seems like it never ends for Android users. Cybersecurity researchers at Dr. Web found spyware in more than 100 popular apps on the Google Play Store. Here are the top 10 most popular apps, along with download numbers:
- Noizz – video editor with music (100 million)
- Zapya – File Transfer, Share (100 million)
- vFly – video editor & video maker (50 million)
- MVBit – MV video status maker (50 million)
- Biugo – video maker & video editor (50 million)
- Crazy Drop (10 million)
- Cashzine – Earn money reward (10 million)
- Fizzo Novel – Reading Offline (10 million)
- CashEM – Get Rewards (5 million)
- Tick – watch to earn (5 million)
How did so many bad apps spread so far and wide? In this case, developers were fooled into using a software development kit (SDK) that uses minigames and daily rewards to keep people opening their apps. The code seems legit, but it hides in the background collecting activity and sending it back to the software makers.
Tip: Avoid those “open to win!” apps altogether. It’ll never be what you expect. And delete any of these apps on your phone!
SpinOK is not OK
Cybersecurity firm CloudSEK found 101 apps loaded with SpinOK malware on the Google Play Store, and only about half have been removed.
SpinOK was used in the same group of apps found by Dr. Web, which we went over in the previous section. Developers added it to their apps to insert minigames for users to win prizes (no such prizes exist without consequences).
The malware can cause all sorts of mischief in the background, such as uploading your files or copying stuff from your clipboard (think login credentials).
Here’s a list of the most popular Android apps using SpinOK malware, along with their developers and download numbers:
- Macaron Match (XM Studio) – 1 million downloads
- Macaron Boom (XM Studio) – 1 million downloads
- Jelly Connect (Bling Game) – 1 million downloads
- Tiler Master (Zhinuo Technology) – 1 million downloads
- Crazy Magic Ball (XM Studio) – 1 million downloads
- Happy 2048 (Zhinuo Technology) – 1 million downloads
- Mega Win Slots (Jia22) – 500,000 downloads
More malicious Android apps? You don’t say
Bitdefender recently found 60,000 Android apps carrying adware that sits quietly in the background and bombards you with ads. But it doesn’t end there. Cybersecurity researchers warn that hackers can redirect you to other types of malware, such as banking Trojans that steal your credentials or ransomware.
The malware campaign has been live since at least October 2022 and includes the following types of apps:
- Game cracks
- Games with unlocked features
- Free VPN
- Fake videos
- Netflix
- Fake tutorials
- YouTube/TikTok without ads
- Cracked utility programs: weather, pdf viewers, etc
- Fake security programs
Read on for steps on deleting malicious apps from your phone and tips to stay protected.
Do this now
Delete apps from your Android phone:
- Long-press an app, then tap App Info > Uninstall.
- Go to Settings > Apps & Notifications to see a list of your apps and delete them the same way.
- Or open the Google Play Store app and navigate to Menu > My apps & games. Tap on the app and hit Uninstall.
- NOTE: Samsung and OnePlus phones have an Uninstall option under the app shortcuts menu.
Delete apps from your iPhone
- Touch and hold an app, then tap Remove App > Delete App > Delete.
- Or use the App Library, introduced in iOS 14, to get a curated list of your apps grouped by category. Swipe past the last page of your Home screen to access it. Tap and hold the app, then select Delete App > Delete.
How to stay safe
- Keep your devices updated to get the latest security patches.
- Only download apps from official app stores. Always go to the official source and double-check that you are installing the correct app. Even though bad apps still get through, this is still the safest way to go.
- Watch out for apps that use a similar logo to other popular apps or have similar functions. Also, check reviews to see if others are warning about suspicious activity.
- Pay attention to permissions. Stay away if an app wants full access to your text messages or notifications.
- Have trustworthy antivirus software on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan of TotalAV Internet Security for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!
Keep reading
These games are ‘hungry’ for data
Smartphone warning: Check these settings NOW on your iPhone or Android