Malware in fake Fortnite Android apps is already spreading

Malicious websites offering Android versions of Fortnite downloads have been discovered already, just days after the game was officially launched as a beta outside of the Google Play Store.

Developer Epic Games had already announced the game would not be available through Google Play, in a move that avoids it having to pay Google’s 30% cut on all purchases made, and instead provides the game as a download through its own website.

In a Wired report, the publication found seven websites advertising Fortnite for Android, all of which were then identified to carry malware by security experts Lockout. Upon investigation, the most common malware fools downloaders into visiting websites loaded with ads, on the promise of a code or opportunity to download the Fortnite game.

It’s also pointed out that before Google and Bing responded to complaints, the top search result for an Android version of Fortnite led not to the official version, but one loaded with malware.

Lookout’s Christoph Hebeisen told Wired why Fortnite not being available in the Google Play Store makes it interesting:

“When we are looking at fake apps that pretend to be a particular game, and that game is available on the Play Store, there’s a fairly high barrier for people to download that game from somewhere else, because they know that’s not a legitimate source.”

Fortnite does not have this safety barrier, and the consequences are already evident.

via BOA

Read more »

How google fights android malware 👀 ⚠️

Did Google score a complete victory against Android malware last year? No. Did it win? Yes.

If you just read the headlines, it sounds like Android is a security mess. There's a report about one Android malware program after another. What's not said is that often these Android viruses require a user to be a sucker to get them. But since a sucker is born every minute, Google does its best to stop malware in its tracks.

How does Google do this? Google's VP and head of security, Dave Kleidermacher, and Google Play's product manager, Andrew Ahn, explained in a blog post: "While the majority of developers have their audience's best interest at heart, some bad apps and malicious developers do attempt to evade detection and enter the Play Store to put people and their devices in harm's way."

A major reason for this is the "massive scale and the global reach of Google Play make the platform a target for bad actors," according to Google. To combat them, Google said it deploys "teams of engineers, policy experts, product managers, and operations professionals who constantly monitor the store and incorporate feedback from the user community to protect people from misleading, inappropriate, or harmful apps."

So, what does that mean? In 2017, Google reported it "took down more than 700,000 apps that violated the Google Play policies, 70 percent more than the apps taken down in 2016. Not only did we remove more bad apps, we were able to identify and action against them earlier. In fact, 99 percent of apps with abusive contents were identified and rejected before anyone could install them."

Google claimed it was able to do this "through significant improvements in our ability to detect abusive app content and behaviors -- such as impersonation, inappropriate content, or malware -- through new machine learning models and techniques." In addition, "We've also developed new detection models and techniques that can identify repeat offenders and abusive developer networks at scale. This resulted in taking down of 100,000 bad developers in 2017, and made it more difficult for bad actors to create new accounts and attempt to publish yet another set of bad apps."

In other words, Google made it much harder for repeat offenders to push malware into the Play Store. Specifically, Google strengthened Android Play Store in the following areas:

Read also: This crypto-mining Android malware is so demanding it burst a smartphone

COPYCATS

Attempting to deceive users by impersonating famous apps is one of the most common violations. Famous titles get a lot of search traffic for particular keywords, so the bad actors try to amass installs leveraging such traffic. They do this by trying to sneak in impersonating apps to the Play Store through deceptive methods such as using confusable unicode characters or hiding impersonating app icons in a different locale. In 2017, Google took down more than a quarter of a million of impersonating apps.

Read also: Android security: Sneaky three-stage malware found in Google Play store

INAPPROPRIATE CONTENT

Google doesn't allow apps that contain or promote inappropriate content, such as pornography, extreme violence, hate, and illegal activities. The improved machine-learning models sift through massive amounts of incoming app submissions and flag them for potential violations. This helps the human reviewers in effectively detecting and enforcing on the problematic apps. Tens of thousands of apps with inappropriate content were taken down last year as a result of such improved detection methods.

Read also: BankBot Android malware sneaks into the Google Play Store - for the third time

POTENTIALLY HARMFUL APPLICATIONS (PHAS)

PHAs are a type of malware that can harm people or their devices -- e.g., apps that conduct SMS fraud, act as trojans, or phishing user's information. While small in volume, PHAs pose a threat to Android users and Google invested heavily in keeping them out of the Play Store. Finding these bad apps is non-trivial as the malicious developers go the extra mile to make their app look as legitimate as possible. With the launch of Google Play Protect in 2017, Google reduced the rate of PHA installs by an order of magnitude compared to 2016.

Google Play Protect took several security measures that were already present in Android and improved them. These are malware scanning, application monitoring for rogue behavior, the ability to remotely locate, lock, and optionally wipe your device, and warnings about dodgy sites, which try to feed you malware or trick you out of personal information.

When it fails, and it will fail sometimes, Google's director of Android security, Adrian Ludwig, explained to ComputerWorld's J.R. Raphael: "The challenge that all detection technology runs into, inclusive of Google Play Protect, is when we see a completely new family coming from a different environment -- especially if [the apps] are on the borderline of behavior that might be considered to be potentially harmful and not quite potentially harmful." For example, no one's been able to use the Meltdown and Spectre security holes in malware... yet. When it does happen, these attacks will be hard to detect.

Still, Google's Play Store protection isn't perfect. "Despite the new and enhanced detection capabilities that led to a record-high takedowns of bad apps and malicious developers, we know a few still manage to evade and trick our layers of defense. We take these extremely seriously, and will continue to innovate our capabilities to better detect and protect against abusive apps and the malicious actors behind them. We are committed to make Google Play the most trusted and safe app store in the world," Kleidermacher and Ahn wrote.

So, is Android perfectly secure from malicious programs? Heck no! The battle against malware is never-ending and bad programs will make it through sometimes. But, Google is trying its best to make Android and its applications as safe as possible.

RELATED STORIES

• The 10 best ways to secure your Android phone
• Android security alert: Google's latest bulletin warns of 47 bugs, 10 critical
• Android security: Sneaky three-stage malware found in Google Play store

Read more »

New code injection method avoids malware detection on all versions of Windows

Presented at Black Hat Europe, a new fileless code injection technique has been detailed by security researchers Eugene Kogan and Tal Liberman. Dubbed Process Doppelgänging, commonly available antivirus software is unable to detect processes that have been modified to include malicious code.

The process is very similar to a technique called Process Hollowing, but software companies can already detect and mitigate risks from the older attack method. Process Hollowing occurs when memory of a legitimate program is modified and replaced with user-injected data causing the original process to appear to run normally while executing potentially harmful code.

Unlike the outdated hollowing technique, Process Doppelgänging takes advantage of how Windows loads processes into memory. The mechanism that loads programs was originally designed for Windows XP and has changed little since then.

To attempt the exploit, a normal executable is handed to the NTFS transaction and then overwritten by a malicious file. The NTFS transaction is a sandboxed location that returns only a success or failure result preventing partial operations. A piece of memory in the target file is modified. After modification, the NTFS transaction is intentionally failed so that the original file appears to be unmodified. Finally, the Windows process loader is used to invoke the modified section of memory that was never removed.

The following table shows the antivirus software tested by the researchers that is unable to block the exploit discovered.

Product	Operating System	Result
Windows Defender	Windows 10	Success
AVG Internet Security	Windows 10	Success
Bitdefender	Windows 10	Success
ESET NOD 32	Windows 7 SP1	Success
Symantec Endpoint Protection	Windows 7 SP1	Success
McAfee VSE 8.8 Patch 6	Windows 7 SP1	Success
Kaspersky Endpoint Security 10	Windows 7 SP1	Success
Kasperksy Antivirus 18	Windows 7 SP1	Success
Symantec Endpoint Protection 14	Windows 7 SP1	Success
Panda	Windows 8.1	Success
Avast	Windows 8.1	Success

It should be noted that Windows 10 Fall Creators Update originally appeared to fix the issue since the duo presenting were unable to perform the exploit on the latest version. When attempting the exploit, a stop error otherwise known as the blue screen of death occurs. Not a desirable effect, but better than ending up with an infected machine.

However, later updates apparently allowed for the exploit to work again even on the latest patches of Windows 10. Due to the nature of the exploit, Microsoft will have its work cut out to update a core feature that helps preserve software compatibility. Antivirus vendors should be able to push out updates to detect and prevent Process Doppelgänging within the coming weeks.

via Techspot

Read more »

No Platform Immune from Ransomware, According to SophosLabs 2018 Malware Forecast

• Ransomware ravaged Windows, but attacks on Android, Linux and MacOS systems also increased in 2017
• Just two strains of ransomware were responsible for 89.5 percent of all attacks intercepted on Sophos customer computers worldwide

OXFORD, U.K. – Nov. 2, 2017 – Sophos (LSE: SOPH), a global leader in network and endpoint security, today announced its SophosLabs 2018 Malware Forecast, a report that recaps ransomware and other cybersecurity trends based on data collected from Sophos customer computers worldwide during April 1 to Oct. 3, 2017. One key finding shows that while ransomware predominately attacked Windows systems in the last six months, Android, Linux and MacOS platforms were not immune.

“Ransomware has become platform-agnostic. Ransomware mostly targets Windows computers, but this year, SophosLabs saw an increased amount of crypto-attacks on different devices and operating systems used by our customers worldwide,” said Dorka Palotay, SophosLabs security researcher and contributor to the ransomware analysis in the SophosLabs 2018 Malware Forecast.

The report also tracks ransomware growth patterns, indicating that WannaCry, unleashed in May 2017, was the number one ransomware intercepted from customer computers, dethroning longtime ransomware leader Cerber, which first appeared in early 2016. WannaCry accounted for 45.3 percent of all ransomware tracked through SophosLabs with Cerber accounting for 44.2 percent.

“For the first time we saw ransomware with worm-like characteristics, which contributed to the rapid expansion of WannaCry. This ransomware took advantage of a known Windows vulnerability to infect and spread to computers, making it hard to control,” said Palotay. “Even though our customers are protected against it and WannaCry has tapered off, we still see the threat because of its inherent nature to keep scanning and attacking computers. We’re expecting cyber criminals to build upon this ability to replicate seen in WannaCry and NotPetya, and this is already evident with Bad Rabbit ransomware, which shows many similarities to NotPetya.” 

The SophosLabs 2018 Malware Forecast reports on the acute rise and fall of NotPetya, ransomware that wreaked havoc in June 2017. NotPetya was initially distributed through a Ukranian accounting software package, limiting its geographic impact. It was able to spread via the EternalBlue exploit, just like WannaCry, but because WannaCry had already infected most exposed machines there were few left unpatched and vulnerable. The motive behind NotPetya is still unclear because there were many missteps, cracks and faults with this attack. For instance, the email account that victims needed to contact attackers didn’t work and victims could not decrypt and recover their data, according to Palotay.

“NotPetya spiked fast and furiously, and did hurt businesses because it permanently destroyed data on the computers it hit. Luckily, NotPetya stopped almost as fast as it started,” said Palotay. “We suspect the cyber criminals were experimenting or their goal was not ransomware, but something more destructive like a data wiper. Regardless of intention, Sophos strongly advises against paying for ransomware and recommends best practicesinstead, including backing up data and keeping patches up to date.”

Cerber, sold as a ransomware kit on the Dark Web, remains a dangerous threat. The creators of Cerber continuously update the code and they charge a percentage of the ransom that the “middle-men” attackers receive from victims. Regular new features make Cerber not only an effective attack tool, but perennially available to cyber criminals. “This Dark Web business model is unfortunately working and similar to a legitimate company is likely funding the ongoing development of Cerber. We can assume the profits are motivating the authors to maintain the code,” said Palotay.

Android ransomware is also attracting cyber criminals. According to SophosLabs analysis, the number of attacks on Sophos customers using Android devices increased almost every month in 2017.

“In September alone, 30.4 percent of malicious Android malware processed by SophosLabs was ransomware. We’re expecting this to jump to approximately 45 percent in October,”said Rowland Yu, a SophosLabs security researcher and contributor to the SophosLabs 2018 Malware Forecast. “One reason we believe ransomware on Android is taking off is because it’s an easy way for cyber criminals to make money instead of stealing contacts and SMS, popping ups ads or bank phishing which requires sophisticated hacking techniques. It’s important to note that Android ransomware is mainly discovered in non-Google Play markets – another reason for users to be very cautious about where and what kinds of apps they download.”  

The SophosLabs report further indicates two types of Android attack methods emerged: locking the phone without encrypting data, and locking the phone while encrypting the data. Most ransomware on Android doesn’t encrypt user data, but the sheer act of locking a screen in exchange for money is enough to cause people grief, especially considering how many times in a single day information is accessed on a personal device.“Sophos recommends backing up phones on a regular schedule, similar to a computer, to preserve data and avoid paying ransom just to regain access. We expect ransomware for Android to continue to increase and dominate as the leading type of malware on this mobile platform in the coming year,” said Yu.

For access to the full SophosLabs 2018 Malware Forecast and Ransomware Infographic, go to here.

via comparethecloud

Read more »

WPA2 security flaw puts almost every Wi-Fi device at risk of hijack, eavesdropping

A security protocol at the heart of most modern Wi-Fi devices, including computers, phones, and routers, has been broken, putting almost every wireless-enabled device at risk of attack.

The bug, known as "KRACK" for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks. Mathy Vanhoef, a computer security academic, who found the flaw, said the weakness lies in the protocol's four-way handshake, which securely allows new devices with a pre-shared password to join the network.

That weakness can, at its worst, allow an attacker to decrypt network traffic from a WPA2-enabled device, hijack connections, and inject content into the traffic stream.

In other words: this flaw, if exploited, gives an attacker a skeleton key to access any WPA2 network without a password. Once they're in, they can eavesdrop on your network traffic.

The bug represents a complete breakdown of the WPA2 protocol, for both personal and enterprise devices -- putting every supported device at risk.

"If your device supports Wi-Fi, it is most likely affected," said Vanhoef, on his website.

But because Vanhoef hasn't released any proof-of-concept exploit code, there's little risk of immediate or widespread attacks.

News of the vulnerability was later confirmed on Monday by US Homeland Security's cyber-emergency unit US-CERT, which about two months ago had confidentially warned vendors and experts of the bug, ZDNet has learned.

The warning came at around the time of the Black Hat security conference, when Vanhoef presented a talk on networking protocols, with a focus on the Wi-Fi handshake that authenticates a user joining a network.

The cyber-emergency unit has since reserved ten common vulnerabilities and exposures (CVE) records for the various vulnerabilities.

Cisco, Intel, Juniper, Samsung, and Toshiba are among the companies affected.

At its heart, the flaw is found in the cryptographic nonce, a randomly generated number that's used only once to prevent replay attacks, in which a hacker impersonates a user who was legitimately authenticated.

In this case, an attacker can trick a victim into reinstalling a key that's already in use. Reusing the nonce can allow an adversary to attack the encryption by replaying, decrypting, or forging packets.

Windows and latest versions of Apple's iOS are largely immune from the flaws, according to security researcher Kevin Beaumont, in a blog post.

However, Vanhoef said the security issue is "exceptionally devastating" for Android 6.0 Marshmallow and above.

via zdnet

Read more »

Here is every patch for KRACK Wi-Fi attack available right now

Monday morning was not a great time to be an IT admin, with the public release of a bug which allowed WPA2 security to be broken.

As reported previously by ZDNet, the bug, dubbed "KRACK" -- which stands for Key Reinstallation Attack -- is at heart a fundamental flaw in the way Wi-Fi Protected Access II (WPA2) operates.

The security protocol, an upgrade from WPA, is used to protect and secure communications between everything from our routers, mobile devices, and Internet of Things (IoT) devices, but there is an issue in the system's four-way handshake which permits devices with a pre-shared password to join a network.

According to security researcher Mathy Vanhoef, who discovered the flaw, threat actors can leverage the vulnerability to decrypt traffic, hijack connections, perform man-in-the-middle attacks (MiTM) and eavesdrop on communication sent from a WPA2-enabled device.

US-CERT has known of the bug for some months and informed vendors ahead of the public disclosure to give them time to prepare patches and prevent the exploit from being utilized in the wild -- of which there are no current reports of this bug being harnessed by cyberattackers.

The bug is present in WPA2's cryptographic nonce and can be utilized to dupe a connected party into reinstalling a key which is already in use. While the nonce is meant to prevent replay attacks, in this case, attackers are then given the opportunity to replay, decrypt, or forge packets.

In general, Windows and newer versions of iOS are unaffected, but the bug can have a serious impact on Android version 6.0 Marshmallow and above.

The attack could also be devastating for IoT devices, as vendors often fail to implement acceptable security standards or update systems in the supply chain, which has already led to millions of vulnerable and unpatched IoT devices being exposed for use by botnets.

The vulnerability does not mean the world of WPA2 has come crumbling down, but it is up to vendors to mitigate the issues this may cause.

In total, 10 CVE numbers have been preserved to describe the vulnerability and its impact, and according to the US Department of Homeland Security (DHS), the main affected vendors are Aruba, Cisco, Espressif Systems, Fortinet, the FreeBSD Project, HostAP, Intel, Juniper Networks, Microchip Technology, Red Hat, Samsung, various units of Toshiba and Ubiquiti Networks.

So who is on top of the game?

Aruba: Aruba has been quick off the mark with a security advisory and patches available for download for ArubaOS, Aruba Instant, Clarity Engine and other software impacted by the bug.

Cisco: The company is currently investigating exactly which products are impacted by KRACK, but says that "multiple Cisco wireless products are affected by these vulnerabilities."

"Cisco is aware of the industry-wide vulnerabilities affecting Wi-Fi Protected Access protocol standards," a Cisco spokesperson told ZDNet. "When issues such as this arise, we put the security of our customers first and ensure they have the information they need to best protect their networks. Cisco PSIRT has issued a security advisory to provide relevant detail about the issue, noting which Cisco products may be affected and subsequently may require customer attention.

"Fixes are already available for select Cisco products, and we will continue publishing additional software fixes for affected products as they become available."

In other words, some patches are available, but others are pending the investigation.

Espressif Systems: The Chinese vendor has begun patching its chipsets, namely ESP-IDF and ESP8266 versions, with Arduino ESP32 next on the cards for a fix.

Fortinet: At the time of writing there was no official advisory, but based on Fortinet's support forum, it appears that FortiAP 5.6.1 is no longer vulnerable to most of the CVEs linked to the attack, but the latest branch, 5.4.3, may still be impacted. Firmware updates are expected.

FreeBSD Project: There is no official response at the time of writing.

Intel: Intel has released a security advisory listing updated Wi-Fi drives and patches for affected chipsets, as well as Intel Active Management Technology, which is used by system manufacturers.

Linux: As noted on Charged, a patch is a patch is already available and Debian builds can patch now, while OpenBSD was fixed back in July.

The WiFi Standard: A fix is available for vendors but not directly for end users.

Mikrotik: The vendor has already released patches which fix the vulnerablities.

Google: Google told The Verge that the company is "aware of the issue, and we will be patching any affected devices in the coming weeks."

AVM: This company may not be taking the issue seriously enough, as due to its "limited attack vector," despite being aware of the issue, will not be issuing security fixes "unless necessary."

OpenBSD: Patches are now available.

Microsoft: While Windows machines are generally considered safe, the Redmond giant isn't taking any chances and has released a security fix available through automatic updates.

Netgear: Netgear has released fixes for some router hardware. The full list can be found here.

Ubiquiti Networks: A new firmware release, version 3.9.3.7537, protects users against the attack.

Check back as we update this story.

via zdnet

Read more »

Shadow Brokers Release Windows Malware that can Steal Keystrokes and Record Audio to its Paid Subscriber

Paid subscribers of Shadow Brokers’ monthly subscription can now gain complete access to your PC/laptop and steal your passwords and chats



The hacking group named SHADOW BROKERS, which was responsible for the NSA leaks earlier. is back with another NSA hacker kit. This time however, the leak is only available for the users with its “monthly subscription”.

In their latest release, SHADOW BROKERS have released a malware dubbed UNITEDRAKE. It is a remote access and control tool with “plug-ins” that can target WINDOWS based systems enabling the hacker with full control over their victim's system.

UNITEDRAKE is compatible with systems running on Microsoft Windows XP, Vista, 7, 8 up to Windows Server 2012. It first came to light in 2014 as a part of NSA's classified documents leaked by its former contractor Edward Snowden.

The Snowden documents suggested the agency used the tool alongside other pieces of malware, including GUMFISH, FOGGYBOTTOM, GROK, and SALVAGERABBIT

The malware's modules including FOGGYBOTTOM and GROK can perform tasks including listening in and monitoring communication, capturing keystrokes and both webcam and microphone usage, impersonating users, stealing diagnostics information and self-destructing once tasks are completed.

These tools were allegedly developed and used by the US National Security Agency (NSA) to perform mass surveillance and bulk hacking worldwide.

Ankush Johar, director at HumanFirewall.io, said: "Remote Administration and surveillance tools are not a new thing in the global cyberspace. These have existed since the beginning of the internet. Although, criminal grade pro malware like these are extremely dangerous as, even the inexperienced chaps now can use them to carry out nation-wide cyber crimes.

"It’s not too difficult to avoid the basic malware. Being aware and staying cautious is the key to your security. Consumers are suggested to make sure that the following points are always kept in mind before hovering around the tech."

* Keep a genuine anti-virus installed and updated.
* Do not click on click on unknown links. Verify the links completely before opening them.
* Never download attachments from untrusted sources.
* Never download pirated software/cracks as they contain malware or backdoors that can give complete access of your system to the hacker.
* Install all software and OS updates available on your device whenever prompted to do so.
* Avoid plugging in unknown USB devices, whether at home or office.

via BusinessWorld

Read more »

HOW TO REMOVE ANDROID MALWARE

Is your Android device suddenly slow, using too much data, or showing corrupted data? You could have downloaded an infected app that came along with malware — or the much more obvious ransomware. Suspect apps (often promising free work software, cheat codes, new games, porn, or money) are an increasingly common method of getting viruses onto your mobile devices, where they wreak havoc and steal data.

If you can still access your Android device, your first step should be to get rid of the infected app ASAP, before it tries to infect other devices or does more damage. Here’s how to locate and remove Android malware, along with a few options for security downloads to help protect you in the future. We’re going to speak generally about consumer Android platforms here, but we also have a guide on deleting apps in stock Android which you may find useful.

Step 1: Shut down until you find out the specifics

Once you’re sure your phone is under attack by malware, hold the power button down and turn the phone fully off. It may not stop the malware from causing damage, but it can stop the problem from getting worse, and may halt ongoing malware attempts to access nearby networks.

Shutting down also gives you time to think and research. Do you know the specific infected app that brought malware onto your device? Do you know what other types of software it may have downloaded without your consent? If not, then move to another computer and look up your symptoms (as well as any new apps you tried out) to narrow down the issue. If you can’t find the app at the root of the problem, you can’t remove it!

If your research turns up nothing, you may want to turn your phone back on and skip down briefly down to step 5. Anti-malware apps can help identify what is causing your problems and will even be able to remove the infected software for you. However, it will also give your phone access to the internet again, which involves some risk.

Step 2: Switch to safe/emergency mode while you work

Flickr | Kārlis Dambrāns

When you turn your device back on and plunge back in to isolate the problematic app, switch over to safe mode first. This will help limit the damage the infected app can do.

For most Android devices, you can switch to safe mode by holding down the power button for a couple seconds once your device is on. This should bring up a few power options, including the option to switch to “safe mode,” “emergency mode” or similar wording. Choose this mode and wait for your phone to reboot before you continue.

Note: If you can’t find out what’s causing your malware problem, even after downloading a security app, this is not the time to tinker. Ask a professional for help and if you should wipe your phone. This is a good strategy if increasingly common ransomware takes over your phone and blocks your actions.

Step 3: Head to Settings and find the app

Visit Settings on your Android device. Settings typically has a gear-shaped icon, but that depends on your themes and arrangement: Search for it if you have trouble locating the right spot.

In Settings, scroll until you see the section called Apps, and enter. Look for a list of all your current apps — you may need to choose App Manager to locate the full list. Once there, scroll until you find the infected app at the center of your problems.

Select the app, and this should bring up options to Uninstall or Force close (you cannot uninstall core apps, only disable them, but these apps are unlikely to be the problem).

Step 4: Delete the infected app and anything else suspicious

Simon Hill/Digital Trends

Simply choose Uninstall, and your Android device should remove the app in question. It’s also a good idea to review your app list and uninstall other suspicious downloads — if you haven’t looked at this list before, you may be surprised at some of the odd things your device will automatically download.

Note: In some cases, you can’t uninstall the app, and the option itself will be disabled. Some of the most clever malware/ransomware will visit your administrator settings and give itself special protection to prevent this very thing. Fortunately, it’s often easy to fix. Go back to the original Settings menu and scroll down to Lock Screen and Security (or a similar corresponding section). In the Security menu, look for a section that says “Phone (Device) Administrators.” You may need to visit “Other security settings” first, depending on how your security menu is set up. In Phone Administrators, you should be able to enable the ability to remove Android malware.

Step 5: Download some malware protection

A vulnerable Android device deserves protection. There are a number of security apps you can download to help protect your phone, scan for viruses, and get rid of junk files and any potentially infected software. When you are finished manually deleting the troublesome app, download a security program to help take care of any future issues. There are many choices in this field: Try software like 360 Security, or Avast Security, or AVG Antivirus from the Google store. You can take a look at our other Android security recommendations here.

While it sounds obvious, it’s also a really good idea to keep your Android device constantly updated. Forgetting to update is one of the key risks leaving Android phones open to attack.

via digitaltrend
s

Read more »