It’s only February, but there’s already an alert for anyone with an Android phone in their pockets. It appears hackers are, once again, targeting this popular operating system with a new bug called Arsink. Once installed, this vicious virus can perform a wide range of worrying tasks, including reading text messages, looking at call logs, stealing contacts and even listening to conversations via the phone’s microphone. It’s a scary attack, and it’s easy to see how some are being caught out.

According to the team at Zimperium, users are being tricked into downloading official-looking apps that claim to offer exclusive extras or ‘pro’ features.

These applications – which look like famous names, such as Google, Spotify, YouTube, WhatsApp, Instagram, Facebook, Telegram and TikTok – are being advertised on social media and other platforms rather than via Google’s official Play Store.

It’s thought that around 50 well-known brands are being targeted, with Android users now being warned to beware and not to sideload any applications unless they are fully sure of their origin.

The problem appears to be growing, with it thought over 40,000 phones may have already been infected with the Arsink trojan.

Explaining more, Zimperium said, “The Arsink campaign represents one of the most persistent and evolving Android surveillance operations observed in recent months. What began as a single-family threat abusing Firebase as a command-and-control channel has expanded into a large, modular ecosystem of variants, each using different exfiltration paths such as Firebase Storage, Google Apps Script and Drive, Telegram bots, and embedded payload droppers.

“From a user’s perspective, these apps appear harmless, most offer no real functionality beyond intrusive permission prompts, yet behind the scenes, they perform continuous exfiltration of messages, contacts, call logs, location data, and media content, while allowing operators to issue remote commands and even wipe files.”

So, the advice is clear. If you get a text message or see posts on social media claiming that there’s a new and better version of popular apps available, don’t be fooled, as it could be a scam.

It’s also a bad idea to sideload any apps onto devices, and always check out the developer before installing anything onto a device.

Reviews can also flag if apps aren’t quite what they seem. Follow those rules, and you should be safe.