The National Telecommunication & Information Security Board (NTISB) has issued a warning to Android users about a malicious campaign run by the Konfety cybercrime group, which targets devices through fake apps on the Google Play Store.
The campaign, known as “Evil Twin,” involved over 250 decoy apps that appeared harmless but were designed to trick users into downloading malware. The attackers, allegedly backed by the Russian Konfety group, used these apps to carry out ad fraud and install harmful software on devices, aiming for financial gain.
While Google has removed the malicious apps from the Play Store, NTISB advised users to take precautions. If any Konfety apps are found on a device, the following steps are recommended:
- Uninstall the malicious app immediately.
- Perform a factory reset of the device.
- Back up personal media files, but avoid backing up system apps.
- Limit app permissions to “while using the app” only.
- Download apps only from trusted sources like the Google Play Store or the iOS App Store.
- Regularly update your device’s operating system and apps.
- Monitor your device’s data usage for unusual activity.
- Install a reliable antivirus and internet security program on your smartphone.
In addition, NTISB issued another advisory regarding a security update for the Google Chrome browser. The update, Chrome version 126, addresses several high-severity vulnerabilities, including memory issues that could lead to Sandbox Escapes and Remote Code Execution. Users are urged to update their Chrome browsers to ensure their devices are protected against potential threats.
By following these guidelines, users can keep their devices safe and protect their personal information from cybercriminals.