Google play is the first place to download applications and games to android Smartphone. Over this week Google have removed a malicious game that can be used to steal user’s conversation on WhatsApp.
The game Balloon Pop 2 have been used by attacker to grab conversations and upload them to online website called WhatsAppCopy and make these private chat for sale. The chats are identified by phone number and if any person looking to have the privet chat he need to pay fees.
Graham Cluley is alerting that even if Google have removed the application the game can be distributed over other non legitimate websites to attract more victims. WhatsAppCopy is still online and it claims to be an online resource to backup your WhatsApp conversation. User just needs to run the malicious game, insert his phone number, check the chat and obviously download victim’s previous chats.
This is not the first case that Google play been distributing rogue software’s, BalloonPop2 come in a series of malicious application that was not thoroughly verified by Google. There are many programs that are uploaded to Google play on a daily bases and it is possible to have them including malicious content.
McAfee have already added this game to its antimalware signatures to protect users from being hacked so be sure to update your security software definition to be protected against new malwares. Also on every application you use verify the following:
- Check the release date to be sure that the application is still supported and there is a constant update that fix security vulnerabilities.
- Read the online review so if there is a negative feedback about the application avoid to use it.
- Google store shows you the permission required for any application. Normally applications and games needs just basic permission for functionality and you should never install apps that may ask for full access.
- Install an antimaware and keep the definition up to date.
- sometimes the number of downloads can lead if the application are tested by many users or not. avoid new and non widely used applications.