Following the news about the EnergyRescue ransomware app found its way into Google Play and managed to make at least one victim. The app has since been removed by the Android team. IT security experts from Tripwire commented below.
Tim Erlin, Sr. Director, Product Management at Tripwire:
“Both Google and Apple put in quite a lot of effort to keep malicious apps out of their respective repositories, but no system is perfect. Criminals are constantly testing the defenses in place with new techniques to sneak malicious apps past.
While it may seem tedious to most users, really checking the permission requested by an app before you install it is a good defensive strategy. It may save you from serious malware and from egregious personal data collection.”
Craig Young, Security Researcher at Tripwire:
“With 2.2 million apps in Google’s Play Store, it is inevitable that some bad apples will get through. Users can still trust the Play Store but need to keep in mind a few tips to stay safe. First of all, you should never ever grant administrator permission to any application without absolute trust for why it is needed. Also starting with the 2015 release of Android 6, applications started requesting permission at run time rather than install so it is very apparent when an app tries to steal contacts or other personal data. Unfortunately only a little over 30% of Android devices are running this version or newer due to many low-end phones being neglected by vendors with respect to providing updates. This is why it’s important to buy Android devices from vendors with made commitments to keeping the product up to date for a specified amount of time. In today’s market, the best choice for that would be Google’s own Pixel phone which has essentially replaced their Nexus line.
It’s also interesting to note that while this user was apparently running antivirus software, they were still infected. While many people perceive antivirus as a critical security control, many security professionals have been questioning its value for many years.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…