A malware is any software intentionally designed to cause damage to a computer and/or a network etc. A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, and scareware.
One of the latest malwares found in September is the Joker Malware, which belongs to the Trojan class. It basically pretends to be a legitimate app in the Play Store, but once the user downloads and installs it, the malware triggers and it conducts billing frauds either by sending SMS messages to Premium cost numbers or by repeatedly making purchases using the users’ account, also the billed amounts will indirectly go to the Joker malware operators. So far this malware only affects android users.
So how can we protect ourselves from these types of malwares?
Many Android users tend to download paid apps via third party vendors which the purchases are patched, so it’s free to use. And have you ever thought that these apps have only patched the purchases? Maybe, but many apps include malicious codes which can be a silent threat for the user. So as a person who is concerned about the privacy, I recommend not to download apps using third party vendors.
Whereas it is safe to download apps via the Play Store, but with these occurrences, we as the users get second thoughts about the safety of the Play Store it claims to have. So as a Free and Open Source Software (FOSS) user, I recommend users to try out the Play Store equivalent FOSS project F-Droid which has almost all the apps included in the Play Store.
Why to choose F-Droid over Play Store?
Well, Play Store validate apps using a code reviewing algorithm and the app is published by the developer, so the app code may contain trackers, malwares and what not. But the same app which is included in F-Droid is built using the source code and the code will be filtered using multiple verification servers (for more information https://f-droid.org/en/docs/Verification_Server), so no malicious code will be included in the app. And also the source code will be reviewed by the Open Source community which will result a malicious code to be present in the source code to be a minimum to none.
To end this blog post, I personally recommend the reader/user to use more FOSS related products rather than closed source products.
I as a FOSS user, am concerned about the Privacy in the connected world, I hope you are too!