The three apps that have been identified as extremely dangerous and should be removed from your Android device right now are Dink Messenger, SIM Info, and Defcom.
If you find any on your phone, delete them immediately. Next, you'll need to check the security of your device and monitor your accounts. It's also recommended that you change your bank account and email passwords, and make sure multi-factor authentication (MFA) is enabled.
As a reminder, MFA uses verification processes that require at least two different authentication factors; for example, the first is on your personal computer, and the second is on your smartphone.
Three applications carry the same XsploitSPY malware
Malware discovered in these three dangerous apps, and publicly announced online, steals your messages and banking credentials on infected Android phones.
Android users should be wary of apps that claim to provide interfaces with popular messaging platforms. The three applications were found to carry the well-established and open source XsploitSPY malware.
Removed from Google Play Store
ESET says the XsploitSPY infestation is limited to Asia, but it could spread among Android users wherever they are.
“An active and targeted spying campaign on Android began in late 2021 and is primarily disguised as messaging apps distributed on dedicated websites and Google Play,” ESET says.
Google Play Security
The malicious apps have been removed from Google Play, but that doesn't mean they won't be on devices or available in third-party stores anymore.
Android users should make sure they have Google Play Protect enabled as extra protection against apps that have snuck through the Play Store's filters or been downloaded elsewhere.
Google Play Protect is enabled by default on Android devices with Google Play Services, so users are automatically protected from known versions of malware. Google Play Protect can warn users or block apps known to be behaving maliciously, even if those apps come from sources outside the Google Play platform.
Comprehensive but targeted espionage
XsploitSPY malware provides an extensive list of malicious capabilities, including GPS logging, microphone logging, camera access, SMS access, clipboard logging, and message notification interception. The kind of thing no one wants on their device.
The main motive of the campaigns carried out around this malware is to steal credentials from banking and other financial applications in order to empty accounts. But the limited and specific nature of this particular campaign seems more like targeted espionage.
Be careful before downloading unknown applications that claim to be popular, as they may be designed to trick users into thinking they are safe.