From fake camera editor software to VPN services, recent reports show how cybercriminals have refined their tactics in developing seemingly legitimate malware apps.
Meta has recently warned to uninstall over 400 malicious mobile apps after discovering that these tools were designed to steal people's Facebook login credentials. The harmful services were so well-crafted that they even dodged the privacy check of both Google's Play Store and Apple's App Store.
At the same time, antivirus company Avast found over 80 scam applications still lurking on Apple's App Store a year after its findings were presented to Apple. While, on the Android front, dozens of tools exceeding over 300,000 downloads have been found guilty of carrying three different types of malware.
Even if you're securing your data with the best VPN, everybody can be tricked into downloading a fake app and exposing their personal information.
This is why, for Cybersecurity Awareness Month, we're sharing seven tips on how to stay away from malicious apps and secure your anonymity when your data gets compromised.
1. Be aware of malicious apps' red flags
Despite hackers getting smarter and smarter in developing legitimate-seeming fake apps, dangerous software can still be spotted by attentive users. That's because they generally have some common features that you should be alert of. Below are the most common red flags:
Social media credentials necessary for using the app
As malicious software might aim to steal your login details to jeopardize your account, the fact that you need this information for using your new photo editor should be an alarming factor. Many legitimate apps may ask you to sign in with Facebook in a secure way, but this will never be the only option.
App reputation
Don't be fooled by its high ratings - hackers often produce fake positive reviews to boost their app's overall reputation. You should take your time to go through all user feedback instead, especially the negative ones. If it's a malware app, it's very likely that someone else has already spotted this bug.
Discrepancy between its promised function and the one delivered
This is an important red flag to look for as soon as you download a new app on your device. Do you find that the functionality promised in its description doesn't match what it actually does? Delete the application immediately before it's granted access to your personal data.
2. Run antivirus software
Malware removal or antivirus software are the tools you want for eliminating any threat running on your device. You should also keep it active in the background to avoid any similar situations in the future.
You don't even have to spend a fortune, as good antivirus services are pretty affordable these days. Or, you can opt for a full internet security suite to get the best value for your money and protect all your devices from different online risks.
3. Reset your device
Generally only used as a last resort as it will erase all data, factory resetting you device will remove all sinister apps and/or malware from your smartphone or tablet. Backup your files with cloud storage, head to settings and proceed to the factory reset.
It can be a bit of a pain to reinstall all your favorite software, but your data security is more important here.
4. Change your passwords
Once you realize that your social media account or device itself has been hacked, you can be almost certain that your passwords have been exposed too. Create new, stronger passwords for all your online accounts, and never use the same for different services.
As a rule of thumb, you should also update these regularly. You might want to consider a good password manager to help you stay on top of your digital hygiene. Secure VPN services, like NordVPN and ExpressVPN, even offer this as an extra feature at no extra cost.
5. Enable two-factor authentication
Make the login process more secure by setting up the two-factor authentication (2FA). As it requires you to prove your identity twice, this discourages bad actors from accessing your profile.
Already a common practice for securing your email account, for example, most social media platforms are now offering this extra layer of security. These include Facebook, Instagram and LinkedIn.
6. Turn on new device login alerts
When you enable this option, you will be notified every time your account is accessed from a new device. This means that you'll quickly realize if your account has been hacked and be able to act accordingly.
7. Report malicious applications
After having secured all your sensitive information and regaining control over your device and/or account, there's one more action to take: reporting the issue. You can flag the intrusion of your social media account directly to the platform. Meta has a specific Data Abuse Bounty program for these cases, for example.
You should also flag the application as dangerous to other users by leaving a negative review, as well as warning the app store from where you download the incriminated software.
