Delete These Dangerous Mobile Apps Now | Analysis by Brian Moineau

Check your smartphone now — these apps are dangerous and should be deleted.

You should read that sentence again and then open your phone. Check your apps. Check what permissions they've been allowed. The FBI has just issued a public warning about mobile applications — especially those developed and maintained overseas — that can quietly collect and leak personal data. This is not fearmongering; it's a practical reminder that our pocket computers hold the keys to our contacts, location, photos, messages, and sometimes banking tokens.

Why the FBI warning matters

Over the last few years, governments and security agencies have flagged concerns about certain foreign-developed apps that request broad device permissions, persistently collect data, or route information through infrastructure in countries with different national security laws. The FBI’s recent public service advisory highlights three recurring risks:

  • Apps that ask for access to contacts, SMS, storage, and location can harvest data about people who never installed the app.
  • Some apps persistently collect information even when they aren’t actively used.
  • Apps that host or hide malware can exfiltrate data or enable surveillance.

The advisory doesn’t ban specific mainstream brands by name in every case, but it does nudge users to be extra cautious about apps that maintain infrastructure or data stores in foreign jurisdictions where local laws may compel that data be handed over to state authorities.

Transitioning from awareness to action is the point: if an app on your phone requests sweeping permissions and you don’t trust its origin, treat it as a red flag.

Which apps you should watch for

The FBI’s message is broad rather than a neat list of offenders. That’s intentional: the risk isn’t just one app, it’s a pattern in how some apps behave and where they store data. Still, coverage from security outlets and tech sites highlights common categories to scrutinize:

  • Free VPNs and “lite” streaming or downloader apps that ask for device-wide access.
  • Lesser-known social or utility apps that request contact lists, SMS, and storage access on install.
  • Apps hosted outside official stores (sideloaded APKs on Android) or unofficial versions of popular services.
  • Apps that solicit device admin rights, accessibility privileges, or persistent background access.

If an app is obscure, newly published, or from a developer you can’t verify — and it asks for broad permissions — it’s safer to delete it and find a well-reviewed, reputable alternative.

What to do right now

  • Open your phone’s Settings and review app permissions. Revoke anything that looks unnecessary (camera, mic, contacts) for apps that shouldn’t need them.
  • Uninstall apps you don’t recognize, don’t use, or that you installed outside Apple’s App Store or Google Play.
  • Update your OS and apps to the latest versions so security patches are applied.
  • Only download apps from official stores and check developer details and reviews.
  • Change passwords for sensitive accounts and enable multi-factor authentication where possible.
  • If you suspect an app has stolen data or behaved maliciously, reset the device and reach out to your bank or services you use — and file a report with the FBI’s IC3 or your local authorities if you’re in the U.S.

These steps reduce the attack surface and limit persistent data collection even if an app is trying to overreach.
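
For Android, the permission review and sideload check above can be scripted. The following is an added example, not part of the original article or the FBI advisory: it parses text shaped like `adb shell dumpsys package <name>` output and lists apps that were installed outside Google Play or hold several sensitive grants. The package names, the sample dumps and the threshold of two sensitive permissions are assumptions made for illustration.

```python
import re

# Permission groups the article names: contacts, SMS, storage, location, camera, mic.
SENSITIVE = {
    "READ_CONTACTS", "READ_SMS", "RECEIVE_SMS", "READ_EXTERNAL_STORAGE",
    "ACCESS_FINE_LOCATION", "ACCESS_BACKGROUND_LOCATION", "CAMERA", "RECORD_AUDIO",
}
STORE_INSTALLERS = {"com.android.vending"}  # Google Play's installer package

# Constructed samples shaped like `adb shell dumpsys package <name>` output.
# Package names are hypothetical; real output is longer and varies by Android version.
SAMPLE_DUMPS = {
    "com.example.flashlight": """
      installerPackageName=null
      runtime permissions:
        android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
        android.permission.ACCESS_FINE_LOCATION: granted=true
        android.permission.CAMERA: granted=true
        android.permission.READ_SMS: granted=false
    """,
    "com.example.notes": """
      installerPackageName=com.android.vending
      runtime permissions:
        android.permission.READ_EXTERNAL_STORAGE: granted=true
        android.permission.POST_NOTIFICATIONS: granted=true
    """,
}

def audit_package(dump):
    """Return (sideloaded, sorted list of sensitive permissions currently granted)."""
    m = re.search(r"installerPackageName=(\S+)", dump)
    installer = m.group(1) if m else "null"  # no installer recorded: treat as sideloaded
    granted = set(re.findall(r"android\.permission\.(\w+): granted=true", dump))
    return installer not in STORE_INSTALLERS, sorted(granted & SENSITIVE)

def review_list(dumps, max_sensitive=2):
    """Packages to review by hand: sideloaded, or holding many sensitive grants."""
    flagged = {}
    for name, dump in dumps.items():
        sideloaded, sensitive = audit_package(dump)
        if sideloaded or len(sensitive) > max_sensitive:
            flagged[name] = {"sideloaded": sideloaded, "sensitive": sensitive}
    return flagged

if __name__ == "__main__":
    for name, info in review_list(SAMPLE_DUMPS).items():
        print(name, info)
```

A flagged app is a candidate for manual review, not proof of malicious behavior; some legitimate apps need these permissions.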

How real is the risk?

A follow-up question is fair: how likely is your app to be an active surveillance tool versus just a privacy-invasive tracker? The answer is: both are possible. Some apps are simply greedy for advertising and analytics data. Others — whether through negligence or design — may process and store data in ways that expose it to foreign legal orders or hostile actors. Security researchers and agencies have repeatedly found malware-laden or trojanized apps on third-party stores and even within official marketplaces.

So while the worst-case scenarios are rarer, the cost of inaction is high: identity theft, account takeover, and privacy compromise. Treating your smartphone like a personal device that needs periodic audits is smart hygiene — not paranoia.

Navigating nuance: don’t throw the baby out with the bathwater

Not every app developed abroad is a threat. Big, reputable companies with clear transparency reports, independent audits, and local presence are different from small, opaque developers. Context matters:

  • Look for transparency: where is data stored, how is it encrypted, and what do the privacy policies say?
  • Prefer apps with independent security reviews or a track record of responsible disclosure.
  • Remember that removing permissions or uninstalling apps may break functionality — weigh that against the information at stake.

In short: be skeptical, not reflexively fearful. Make decisions based on permissions, provenance, and behavior.

My take

Smartphone security is a habit, not a one-off action. The FBI’s advisory is a timely nudge reminding us that convenience often comes with trade-offs. A regular five-minute check of permissions, coupled with a quick uninstall sweep for unused apps, will dramatically improve your safety. We can enjoy modern apps while still insisting they earn our trust.

Final thought: think of your phone like your home — you wouldn’t give a stranger permanent access to your house keys or bathroom drawers. Treat app permissions the same way.


Chrome Extension Flagged: What Happened | Analysis by Brian Moineau

When a favorite Chrome extension gets flagged for malware — what just happened?

Google has just blocked one of our favorite Chrome extensions for apparently containing malware. That’s the headline Android Authority ran — and it landed in many inboxes with a familiar mix of annoyance and unease. Extensions that once made browsing breezier are suddenly disabled, users are left confused, and developers are scrambling to explain themselves.

This post walks through what happened, why extensions go rogue, and what you should do right now if Chrome has flagged an add‑on you rely on.

What the alert actually means

When Chrome flags an extension as malicious, Google isn’t making a cosmetic change — it’s saying the extension may perform harmful behavior (exfiltrate data, inject code, hijack settings, or silently redirect traffic). Chrome can automatically disable or block an extension if Safe Browsing or Google’s security systems detect suspicious activity, or if outside researchers publish evidence of abuse.

A flagged extension can be:

  • an originally benign project that was sold or hijacked, then updated with malicious code;
  • a deliberately malicious extension that slipped past review; or
  • an extension that suddenly behaves in a risky way after adding new permissions or remote scripts.

Researchers and security outlets have tracked these scenarios repeatedly over the last two years, with large removal waves and coordinated campaigns affecting millions of users. (thehackernews.com)

How this keeps happening: the typical playbook

The pattern repeats:

  • An extension gains users by solving a real problem (tab management, ad blocking, screenshots, VPN, etc.).
  • Attackers either buy the extension or compromise the developer account (phishing is common).
  • The attacker pushes an update that adds remote code, surveillance, credential theft, or monetization tricks (redirects, injected ads, affiliate theft).
  • The extension continues to run in users’ browsers until researchers spot the activity and publicize it, or Google’s detection systems act first. (arstechnica.com)

Ownership transfer is a recurring trigger. Sold projects may ship with new code or hidden remote config endpoints that let a new maintainer change behavior at will. That makes “once‑trusted” extensions suddenly dangerous overnight. Recent analyses show attackers increasingly using remote rule endpoints to hide payloads until after an update is approved. (thehackernews.com)

This popular Chrome extension just got flagged for malware

Let’s return to the Android Authority story line: this popular Chrome extension just got flagged for malware. The headline matters because it signals something broader — it’s rarely about one tiny project and more often about the underlying systemic weaknesses in extension distribution and review.

When a widely used extension is disabled:

  • hundreds of thousands (or millions) of users can be affected immediately;
  • removal from the Web Store doesn’t necessarily uninstall the extension from users’ machines — though Chrome can auto‑disable it; and
  • the reputational damage to the original developer (if they weren’t at fault) can be severe. Examples from past incidents include The Great Suspender and other well‑known tools that were removed after ownership changes and abuse claims. (androidcentral.com)

What to do if Chrome flags one of your extensions

If Chrome disables an extension and labels it “malicious” or “flagged”:

  1. Don’t panic. Assume the extension could be compromised and follow cleanup steps.
  2. Open chrome://extensions and confirm which extension is disabled. Note the exact name and developer listed.
  3. Remove the extension from Chrome (click Remove). This helps prevent any further browser‑level activity.
  4. Clear site data and cookies for sites you use with that extension, and change passwords for accounts you accessed while the extension was installed — especially if the extension had access to page content or form fields.
  5. Run a system scan with an up‑to‑date antivirus or anti‑malware tool; some malicious extensions attempt to pull additional payloads.
  6. If you used the extension for passwords, wallets, or sensitive tokens, follow platform‑specific recovery steps (revoke tokens, rotate API keys, and check wallet backup seeds).
  7. Follow reputable coverage (security vendors, major tech outlets) for updates on whether the developer restored a clean version or the extension was permanently removed. (malwarebytes.com)

Why automatic blocking helps — and where it falls short

Automatic blocking prevents fresh victims quickly, which is a win. Google’s ability to remotely disable harmful extensions is a blunt but effective emergency brake.

However, it’s not perfect:

  • Detection lags and false negatives occur; some malicious behavior is subtle.
  • Remote scripts can be rotated or obfuscated so the malicious behavior appears only for certain users.
  • Users who installed an extension from outside the Web Store or those who keep old V2 manifests may remain exposed.

Security researchers keep finding extension campaigns that harvest chat logs, screenshots, or credentials — sometimes at massive scale. That’s why independent researchers (Koi Security, Malwarebytes, The Hacker News and others) still play a vital role in discovery and public pressure. (thehackernews.com)

Practical habits to reduce risk

A few habits will lower your exposure without killing your browser workflow:

  • Install extensions only from verified developers and check user counts and reviews.
  • Limit permissions: avoid extensions that demand broad "read and change all data on websites you visit" unless that’s essential.
  • Prefer open‑source extensions with visible code/history on GitHub — you’ll have more transparency if something changes hands.
  • Use a dedicated browser profile for risky tools (or for work vs. casual browsing) so a compromised extension has narrower reach.
  • Keep Chrome updated and periodically review installed extensions for lesser‑used items you can remove. (cybernews.com)
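
The periodic extension review can be done against the manifests Chrome keeps on disk. This is an added example, not code from the original post or from Google: it checks each installed extension's manifest.json for the signals named in this post and in the blocking caveats earlier (broad site access, Manifest V2, installation from outside the Web Store). The finding labels, the list of powerful APIs and the sample manifests are assumptions chosen for illustration.

```python
import json
from pathlib import Path

BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Chrome APIs that can read or alter traffic, sessions, or page content.
POWERFUL_APIS = {"cookies", "webRequest", "debugger", "history", "scripting"}
WEB_STORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"

# Constructed manifests for two hypothetical extensions.
SAMPLE_MANIFESTS = {
    "tab-helper": {"manifest_version": 2,
                   "permissions": ["tabs", "cookies", "<all_urls>"]},
    "notes": {"manifest_version": 3, "permissions": ["storage"],
              "host_permissions": ["https://notes.example.com/*"],
              "content_scripts": [{"matches": ["https://notes.example.com/*"]}],
              "update_url": WEB_STORE_UPDATE_URL},
}

def audit_manifest(manifest):
    """Return a list of findings for one parsed manifest.json."""
    findings = []
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    hosts = perms | set(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))
    if hosts & BROAD_HOSTS:
        findings.append("broad-host-access")  # "read and change all data on websites you visit"
    if perms & POWERFUL_APIS:
        findings.append("powerful-api:" + ",".join(sorted(perms & POWERFUL_APIS)))
    if manifest.get("manifest_version") == 2:
        findings.append("manifest-v2")
    if manifest.get("update_url") != WEB_STORE_UPDATE_URL:
        findings.append("not-from-web-store")  # unpacked or sideloaded install
    return findings

def audit_profile(extensions_dir):
    """Audit every <id>/<version>/manifest.json under a profile's Extensions folder."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        findings = audit_manifest(json.loads(path.read_text(encoding="utf-8-sig")))
        if findings:
            report[path.parts[-3]] = findings  # keyed by extension id
    return report

if __name__ == "__main__":
    for name, manifest in SAMPLE_MANIFESTS.items():
        print(name, audit_manifest(manifest))
```

Running the same audit after each browser update and comparing reports shows when an extension has gained new permissions, which is the change that ownership transfers tend to bring.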

What this means for the extension ecosystem

We’re witnessing a market correction of sorts: extensions are useful because they run with deep privileges, and that same power makes them attractive to attackers. The solution won’t be a single fix — it will require better developer identity controls, stricter review for ownership transfers, clearer permissions UX for users, and continued vigilance from the security community.

Until then, expect headlines like Android Authority’s to keep coming. Each one is a reminder that convenience and safety are a tradeoff, and that the safest browser is the informed one.

Final thoughts

Seeing a beloved extension get flagged is jarring, but it’s also a sign the system (researchers + vendors + platform defenders) is working. Treat the alert as an invitation to clean up and tighten practices: remove unused extensions, rotate sensitive credentials, and keep a skeptical eye on any tool that suddenly requests expansive permissions or changes ownership.

We should also push for better safeguards around extension transfer and for clearer signals in the Chrome Web Store about developer provenance. Those changes would blunt this problem at scale — and make it a little less dramatic the next time “this popular Chrome extension just got flagged for malware” shows up in your feed.

A few helpful reads

  • The Hacker News — Chrome Extension Turns Malicious After Ownership Transfer. (thehackernews.com)
  • Malwarebytes — Millions of people spied on by malicious browser extensions. (malwarebytes.com)
  • Android Central — Popular extension The Great Suspender removed for malware (example of a past high‑profile case). (androidcentral.com)
