Hackers have been masquerading as big names including WhatsApp, Instagram, Snapchat, X/Twitter and Google.
Fraudsters use their logos on icons to lure people in, according to security researchers SonicWall.
The ruse tricks victims into installing a fake app onto their smartphone which goes onto raid them of data.
Contacts, text messages, call logs and passwords are among the details stolen, experts claim.
They can even do weirder things like activate your camera’s flashlight or switch on the phone’s vibration.
Once installed, the fake app asks users to allow two permissions:
- Accessibility Service
- Device Admin Permission
“This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their devices,” SonicWall warned.
“By requesting these permissions, the malicious app aims to gain control over the victim’s device, potentially allowing it to carry out harmful actions or steal sensitive information without the user’s awareness or consent.”
Most read in Phones & Gadgets
It’s not clear how long the scam has been going on for or how many people have fallen victim.
But it does demonstrate once again the need to be very careful about what you install on your devices.
WHY YOU SHOULD ONLY DOWNLOAD FROM OFFICIAL APP STORES
Analysis by Jamie Harris, Senior Technology and Science Reporter at The Sun
One of the biggest differences between Android and iPhone is where you can download your apps.
iPhone takes a more closed approach allowing you to only download apps from the iOS App Store which keeps things secure.
On the other hand, Android takes an open approach in a bid to give people greater freedom – but this comes at a risky cost.
The thing is, the Google Play Store has millions of apps already.
And although some bad ones can slip through the net the vast majority are safe.
Not to mention, Google Play Protect checks your apps and devices for harmful behaviour.
So it’s not worth the risk of downloading from an external source – stick to the Google Play Store.