The EnergyRescue ransomware app found its way into Google Play and managed to claim at least one victim. The app has since been removed by the Android team. IT security experts from Tripwire comment below.

Tim Erlin, Sr. Director, Product Management at Tripwire:

“Both Google and Apple put in quite a lot of effort to keep malicious apps out of their respective repositories, but no system is perfect. Criminals are constantly testing the defenses in place with new techniques to sneak malicious apps past.

While it may seem tedious to most users, really checking the permission requested by an app before you install it is a good defensive strategy. It may save you from serious malware and from egregious personal data collection.”

Craig Young, Security Researcher at Tripwire:

“With 2.2 million apps in Google’s Play Store, it is inevitable that some bad apples will get through. Users can still trust the Play Store but need to keep in mind a few tips to stay safe. First of all, you should never ever grant administrator permission to any application without absolute trust for why it is needed. Also, starting with the 2015 release of Android 6, applications started requesting permission at run time rather than install, so it is very apparent when an app tries to steal contacts or other personal data. Unfortunately, only a little over 30% of Android devices are running this version or newer due to many low-end phones being neglected by vendors with respect to providing updates. This is why it’s important to buy Android devices from vendors that have made commitments to keeping the product up to date for a specified amount of time. In today’s market, the best choice for that would be Google’s own Pixel phone, which has essentially replaced their Nexus line.

It’s also interesting to note that while this user was apparently running antivirus software, they were still infected. While many people perceive antivirus as a critical security control, many security professionals have been questioning its value for many years.”

Information Security Buzz