Two adware that offered consultation to Bolsa Famlia were removed from the Play Store on Wednesday (22). Suspicious applications allowed to check data from Bolsa Famlia beneficiaries, such as amount and payment date, but an investigation by cybersecurity company PSafe indicated that both services profited from excessive advertising. One of the adwares had more than 1 million downloads in the Google store and, on Monday (20), it was the 29 most downloaded app in Brazil. The second adware had more than 500 thousand downloads and occupied 99th place in the ranking, according to a survey by the mobile market consultancy App Annie.
READ: Fake emergency aid app deceives thousands
Searched by TechTudo on Monday (20), Google reported that "Google Play has strict policies to help ensure a safe and secure platform for developers and users. We are reviewing the reported applications and, if a breach is proven, we will remove the same as in our store ". On Wednesday (22), the suspicious applications were no longer available in the Android store. Caixa, manufacturer of the official app for Bolsa Famlia, declared that "it advises its customers to use the banking services app developed by CAIXA, mainly avoiding viruses or vulnerabilities that can contaminate their device in order to steal personal and / or banking information "(see full note at the end of the story).
Play Store removed two suspicious apps Photo: Rodrigo Fernandes / TechTudo
Want to buy cell phones, TV and other discounted products? Meet Compare TechTudo
According to experts at dfndr lab, a PSafe lab specializing in digital security, both detected adware had excessive advertising, with the aim that the manufacturer would profit from viewing the advertisements. One of the suspicious applications, in particular, had the potential to become a major threat from a malicious update, so it was also classified as a riskware.
The adware in question presented, in the code, invasive and suspicious functions that could be used for malicious attacks, such as monitoring SMS messages, registering applications installed on the smartphone and accessing the phonebook and e-mail list of contacts in the phonebook. Such threats do not necessarily exhibit malicious behavior, but can open security holes in the victim's cell phone, in addition to displaying advertisements frequently.
Caixa developed the official application for Bolsa Famlia Photo: Rubens Achilles / TechTudo
With generic names like "Beneficio Famlia 2020" and green and yellow icons, the adware caught the eye for promising to consult the Bolsa Famlia database. The government provides, through the Transparency Portal, the data API for querying services such as Bolsa Familia, Public Expenditure, Federal Executive Contracts and other sectors.
The API makes it easier to access government information, as it provides the basis for citizens to develop their own structure to make data available in various forms of visualization. The adware removed from the Play Store, and other unofficial applications that make it possible to consult the Bolsa Famlia, inform in the description of the application that the program has no connection with the Federal Government and is powered by the data API of the Transparency Portal.
Official apps stand side by side with strangers on the Play Store Photo: Reproduo / TechTudo
However, it is risky to download an application of dubious origin many of the developers are unknown and do not have other apps in the Google store. Caixa Econmica Federal provides the official Bolsa Famlia application to consult the benefit, and recommends that customers avoid suspicious apps due to the threat of viruses and malware.
However, finding the official application can be more laborious than expected, as the Google Play Store search returns several informal apps alongside the legitimate ones. Therefore, it is important to pay attention to the name of the developer (written in small letters below the title of the software) to confirm whether the manufacturer is the Federal Government or Caixa.
According to some indications from the dfndr lab to protect yourself from possible data theft and intrusion to your cell phone, it is ideal not to provide personal information to suspicious applications. In addition, it is recommended to check information only on official portals and from recognized institutions. It is also important to always have a trusted antivirus installed on your phone to prevent possible malicious attacks.
How to choose a good antivirus
"CAIXA advises its customers to only use the banking services app developed by CAIXA, mainly avoiding viruses or vulnerabilities that can contaminate their device in order to steal personal and / or banking information.
The bank provides security guidelines on its Internet portal http://www.caixa.gov.br/seguranca/Paginas/default.aspx to alert its customers to scams, whether by spam emails, fake websites, in person or by phone.
In cases of doubt, customers have access to CAIXA customer service channels, such as SAC 0800 726 0101, Ombudsman 0800 725 7474 and other options at the link www.caixa.gov.br/atendimento.
The apps developed by CAIXA can be seen in the following links:
Google Play: https://play.google.com/store/apps/details?id=br.com.gabba.
Apple Store: https://apps.apple.com/us/app/box/id490813624"