Remote Spyware?

[BlackPen12]

OK, I'm not technical AT ALL so please excuse me.

Is it possible for a device to be infected remotely with spyware via a photo/video sent via a chat site like Snapchat/Kik?

I have a few anti-virus apps - Norton paid for, AVG and Malwarebytes. These should catch anything nasty right?

 

[Hadron]

A photo or video itself can't infect a phone. There have however been exploits that took advantage of bugs in message apps - as it happens the worst case in recent years was in iMessage (which was know to be exploited by an Israeli spyware company).

I'm not aware of any exploits that used the apps you name (and you'd think that a system app would be a bigger risk than an unprivileged user app). The most common problem is phishing via a message app: trick the recipient into clicking on something they shouldn't.

I'm never going to say never because there may be a vulnerability that's not been identified or disclosed yet (and if it's unknown then your security apps won't know what to look for). So a bit of sense and caution about what you click on or download is always a good idea. But I think the risk of infection from the route you describe is very low.

Probably the single biggest vulnerability is a poorly-secured account, especially your Google account. So don't use weak passwords, and do use 2 factor authentication. Don't download apps from random websites, because you've no idea what they might contain. And if your phone is still receiving security updates, install them.

 

[BlackPen12]

Thank you.

I generally don't click on links in e-mails etc or I copy them and safe search/google URL checker. A few weeks ago I went to do that and just lifted my finger off the screen too quickly and opened the page. It took me to what I think is a legit page. If you randomly google it it comes up. I have since safe searched with various URL checkers and it's showing as fine.

 

[BlackPen12]

Would clicking on that link give someone access to my phone - could they listen in to conversations (not tel. calls)?

Should I only have 1 Antivirus app? Norton is the only one that runs real-time, I have to run a scan on the others.

 

[Hadron]

I personally have zero "antivirus" apps. There are no actual "viruses" for Android (malware that can propagate itself between devices), the main malware risk is the "trojan" variety, i.e. malware, or a malware downloader, hidden inside what the victim thinks is an innocent app. This is why being careful where you install apps from is the main protection, with being careful about what apps you install even from legitimate sources being the second line of defense (malware does sometimes get into the Play Store, so apps that seem to request a lot more permissions than they would need for their function should be avoided. The tricky thing being knowing what permissions make sense if you aren't particularly technical!). The probability of encountering this stuff in the Play Store is not high, and does vary between countries. But for myself I figure that a touch of common sense about installation and some knowledge of common phishing cons is sufficient.

I have heard stories about different AV apps confusing each other (i.e. one reports the other as malware), but have never experienced that. They do also report false positives, so if you get an alert from one it might do no harm to have a second opinion available.

Clicking on a link is not going to magically give someone that sort of access to your phone. The risk is downloading and installing malware. It's possible for a script on a webpage to trigger a download (though you should see a notification about it), but making it install is a different matter. This is however why I never grant a web browser the ability to install apps(*).

(*) And I am quietly - or not so quietly - appalled that so many web browsers can actually be granted the permission to install apps. Because if you do that it just requires someone to figure out how to write a script that can tell the browser to install what they just downloaded, and even if they don't the download will likely be followed by a prompt to install which a careless person might click. So to me it's just a triumph of convenience over security to ever grant a browser permission to install an app, and if I was boss of Google for a day I'd bar any browser from doing that - starting with Chrome! The good news is that browsers don't have that permission by default, you have to actively enablet it, and you would know if you had done so (so no need to panic!).

 

[ocnbrze]

The only anti-virus I would keep is malware bytes. All the others are not necessary. I actually never had to install an anti- virus app on my devices. Never had adware or any virus infected my devices.

Android does a pretty good job at keeping viruses at bay. You might get adware installed, but that usually comes by installing another app.... so as long as you are careful what you install, you should be fine.

 

[Davdi]

The best defense is - Just stop and think before you click(or tap) a link. And then don't.