In today’s connected world, smartphones are vital for communication, business, and entertainment. However, this makes them attractive targets for cybercriminals. One such malicious threat that has recently gained attention is FireScam – a dangerous piece of Android malware. FireScam is a spyware variant that specifically targets Android devices. It has the potential to steal personal information, track activities, and monitor private communications, all while going unnoticed by the user.
What is FireScam?
FireScam is a type of Android malware that primarily operates as a spyware application. It is spread through fake versions of legitimate apps, such as Telegram Premium, hosted on phishing websites. Infection starts with a dropper APK, a type of malicious software that delivers additional harmful payloads onto the infected device. Its goal is to steal sensitive data, track personal activities, and perform various malicious actions without the victim’s knowledge.
FireScam is sophisticated in its operation: it avoids detection by changing its behavior depending on its environment, for example when it detects that it is running in a virtual or controlled environment. This stealthy operation makes it particularly dangerous.
FireScam in Detail: How Does It Work?
Once FireScam is installed on an Android device, it starts by performing an initial check to determine if the device is in a controlled or virtual environment, such as one used for testing malware. This check allows the malware to adjust its actions accordingly, avoiding detection by antivirus programs or security tools.
Here’s a breakdown of FireScam’s key activities:
- Firebase Push Notifications: FireScam registers a service that listens for Firebase push notifications. When a notification is received, the malware is activated to run commands, deliver additional malicious payloads, or send sensitive information to a remote server.
- Text Message Interception: FireScam can access the Messages app on the infected device. It can capture text messages, enabling attackers to steal private conversations.
- Screen Activity Monitoring: The malware monitors the device’s screen, logging events such as when the screen is turned on or off. It also tracks the apps that are in use, sending this information to attackers.
- Notification Tracking: FireScam tracks certain notifications from apps like Telegram, Viber, VK, and WhatsApp. This gives attackers access to notifications related to logins, messages, and other sensitive information.
- USSD Monitoring: The malware captures details of USSD responses, including account balances or transaction information.
- Sensitive Data Harvesting: FireScam tracks data from various sources, including text input, autofill data, clipboard, and drag-and-drop actions. It sends this data to remote servers, allowing attackers to steal passwords, personal messages, and other sensitive information.
- E-Commerce Activity: The malware tracks purchases and refunds in shopping apps, enabling attackers to steal transaction and payment information.
- Image Downloads: FireScam can download images from specific URLs, potentially using them to transfer additional malicious payloads.
Symptoms of FireScam Infection
Victims of FireScam may notice several symptoms on their Android devices, including:
- Sluggish performance: The device runs slower than usual due to the malware consuming system resources.
- Increased battery consumption: The malware’s constant activity drains the device’s battery quickly.
- Unexplained data usage: A significant increase in data usage can be a sign that the malware is sending information to a remote server.
- Suspicious apps: New, unwanted apps may appear on the device without the user’s consent.
- Unwanted ads: Intrusive advertisements may appear while browsing or using other apps.
- Redirected browsers: Browsers may redirect to unknown or suspicious websites, a tactic used by cybercriminals to steal personal data.
How FireScam Spreads
FireScam primarily uses social engineering and deceptive applications to spread. Cybercriminals create fake versions of legitimate apps, like Telegram Premium, and host them on phishing websites. When users unknowingly download these fake apps, they are actually installing the FireScam malware.
Damage Caused by FireScam
The consequences of a FireScam infection can be severe:
- Personal data theft: FireScam steals sensitive information, including private messages, login credentials, and passwords.
- Financial loss: The malware can steal transaction details, which may lead to unauthorized financial transactions.
- Identity theft: The collected personal information can be used to commit identity theft, leading to significant long-term damage.
- Decreased device performance: The malware consumes system resources, draining the device’s battery and causing it to slow down.
- Data loss: FireScam’s ability to harvest personal data can lead to significant data loss.
How to Remove FireScam
Step 1: Identify the Symptoms of FireScam Infection
Before you begin the removal process, it’s important to identify if your device is infected with FireScam. Common signs of an infection include:
- Sluggish device performance
- Increased battery drain
- Unexplained data usage
- Unwanted apps appearing on your home screen
- Intrusive pop-up ads or redirects in your browser
- Suspicious activities such as messages or calls you didn’t make
If you’re experiencing these symptoms, it’s likely that your device has been infected with FireScam.
Step 2: Enter Safe Mode on Your Android Device
To prevent FireScam from running during the removal process, you need to boot your device into Safe Mode. Safe Mode disables third-party apps, including malicious ones, and helps you remove them easily.
To enter Safe Mode:
- Power off your device by pressing and holding the power button.
- Once the device is powered off, press and hold the power button again until the device starts to turn on.
- When the logo appears on your screen, press and hold the Volume Down button.
- Continue holding the Volume Down button until your device finishes booting up. You should see “Safe Mode” in the corner of your screen.
In Safe Mode, only the pre-installed apps on your device will be active, which means FireScam and other third-party apps, including malware, should not be running.
Step 3: Uninstall FireScam and Suspicious Apps
Now that you’re in Safe Mode, it’s time to uninstall FireScam and any suspicious apps that may have been installed alongside it.
To uninstall FireScam:
- Go to Settings on your device.
- Scroll down and tap on Apps or Applications.
- Look for any apps that seem suspicious or that you did not install, such as Telegram Premium or any unknown apps.
- Select the suspicious app and tap Uninstall.
If you can’t find FireScam in your apps list, it may be hidden or disguised under a different name. In this case, try the following steps:
Clear App Data (for hidden apps)
- Go to Settings > Apps.
- Tap on All Apps or See All Apps.
- Look for any apps that seem unfamiliar or have suspicious permissions.
- Select the app, then tap on Storage.
- Tap Clear Data and Clear Cache.
This will remove any data the app has collected, which can sometimes stop it from functioning correctly.
Step 4: Check Device Permissions
FireScam may have gained unnecessary permissions that allow it to monitor and steal your data. You should review all permissions and disable any that seem suspicious.
To manage app permissions:
- Go to Settings on your device.
- Tap Privacy or Permissions (depending on your Android version).
- Review permissions for each app and revoke access to sensitive information (e.g., SMS, camera, microphone, contacts) for apps you don’t trust.
- Pay special attention to apps that ask for permission to access your SMS or phone calls, as these are common targets for FireScam.
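The review in Steps 3 and 4 can also be done from a computer over adb. The following is an added example, not part of the original guide: it parses constructed samples of the output of `adb shell pm list packages -3 -i`, `adb shell dumpsys package <pkg>` and `adb shell settings get secure enabled_notification_listeners`, and lists apps that did not come from a trusted store yet hold sensitive access. The package names, the trusted-installer set and the permission shortlist are assumptions.

```python
import re

# Constructed sample of `adb shell pm list packages -3 -i` (third-party apps + installer).
PM_LIST = """\
package:org.telegram.messenger  installer=com.android.vending
package:com.example.premiumchat  installer=null
package:com.example.notes  installer=com.android.vending
package:com.example.flashlight  installer=com.google.android.packageinstaller
"""
# Constructed excerpts of the permission lines in `adb shell dumpsys package <pkg>`.
DUMPSYS = {
    "com.example.premiumchat": (
        "android.permission.READ_SMS: granted=true, flags=[ USER_SET ]\n"
        "android.permission.RECEIVE_SMS: granted=true\n"
        "android.permission.CAMERA: granted=false\n"),
    "com.example.flashlight": "android.permission.CAMERA: granted=true\n",
}
# Constructed value of `adb shell settings get secure enabled_notification_listeners`.
LISTENERS = "com.example.premiumchat/com.example.premiumchat.NotifyService"

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted
SENSITIVE = {"READ_SMS", "RECEIVE_SMS", "READ_CALL_LOG",
             "READ_CONTACTS", "RECORD_AUDIO", "CAMERA"}  # assumed shortlist

def sideloaded(pm_list):
    """Return {package: installer} for apps not installed by a trusted store."""
    found = re.findall(r"^package:(\S+)\s+installer=(\S+)", pm_list, re.M)
    return {pkg: inst for pkg, inst in found if inst not in TRUSTED_INSTALLERS}

def granted(dump):
    """Return the sensitive permissions marked granted=true in a dumpsys excerpt."""
    perms = re.findall(r"android\.permission\.(\w+): granted=true", dump)
    return sorted(set(perms) & SENSITIVE)

def audit(pm_list, dumps, listeners):
    """List (package, reasons) for sideloaded apps with access worth reviewing."""
    listening = {c.split("/")[0] for c in listeners.split(":") if "/" in c}
    report = []
    for pkg in sorted(sideloaded(pm_list)):
        reasons = granted(dumps.get(pkg, ""))
        if pkg in listening:
            reasons.append("NOTIFICATION_LISTENER")
        if reasons:
            report.append((pkg, reasons))
    return report

if __name__ == "__main__":
    for pkg, reasons in audit(PM_LIST, DUMPSYS, LISTENERS):
        print(pkg, "->", ", ".join(reasons))
```

An app appearing in this list is a candidate for review, not proof of infection; legitimately sideloaded apps will show up too.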
Step 5: Remove Device Admin Apps
FireScam may have set itself as a device administrator, which could make it more difficult to remove. To prevent the malware from blocking your uninstall attempts, you need to revoke device administrator privileges.
To revoke device admin rights:
- Go to Settings > Security.
- Tap on Device Administrators or Device Admin Apps.
- Look for any unfamiliar apps and uncheck them to revoke their administrator privileges.
- After doing this, try uninstalling FireScam again from the Apps section in your settings.
Step 6: Remove Firebase Push Notifications
FireScam registers with Firebase push notifications to execute malicious commands. You can disable these notifications to stop the malware from receiving instructions.
To disable Firebase push notifications:
- Go to Settings > Apps.
- Tap on the three-dot menu in the top right corner and select Show system apps.
- Look for apps related to Firebase (they may appear under names like “com.google.firebase”).
- If you find any, force stop and clear data for those apps.
Step 7: Perform a Factory Reset (Optional)
If the above steps don’t completely remove FireScam from your device or if you’re still experiencing issues, a factory reset may be necessary. This will erase all data on your device, so ensure you back up important information first.
To perform a factory reset:
- Go to Settings > System > Reset.
- Tap Factory data reset.
- Confirm your choice and follow the on-screen instructions to reset your device.
A factory reset will wipe all apps, data, and settings from your device, effectively removing any lingering traces of FireScam.
Step 8: Update Your Device
Once FireScam has been removed, ensure your device is up to date with the latest security patches. Manufacturers regularly release updates to fix vulnerabilities that malware may exploit.
To update your Android device:
- Go to Settings > System > Software Update.
- Tap on Check for Updates and install any available updates.
Step 9: Secure Your Device Going Forward
To avoid future infections, follow these security practices:
- Download apps only from trusted sources like the Google Play Store. Avoid sideloading apps from unknown websites.
- Enable Google Play Protect: Go to Google Play Store > Settings > Play Protect > enable Scan Apps with Play Protect.
- Keep your apps and system updated to ensure you have the latest security patches.
- Use a reputable antivirus app to scan your device regularly.
- Be cautious of phishing attempts: Don’t click on suspicious links or download apps from untrusted sources.
Preventive Methods to Avoid FireScam Infections
Preventing FireScam infections involves taking steps to protect your Android device from malware. Here are some key practices to follow:
- Download apps only from trusted sources: Stick to the Google Play Store or other reputable app stores to reduce the risk of downloading malicious apps.
- Be cautious of phishing links: Avoid clicking on suspicious links or downloading apps from unknown websites.
- Enable device security settings: Turn on app permissions and use a VPN to protect your data.
- Use mobile security software: Regularly scan your device with a reputable mobile security tool like SpyHunter.
- Keep your operating system updated: Regularly update your Android device’s OS to ensure you have the latest security patches.
- Avoid granting unnecessary permissions: Only grant apps the permissions they need. Be wary of apps requesting access to sensitive data or features.
FireScam Threat Summary
| Detail | Information |
|---|---|
| Threat Name | FireScam |
| Threat Type | Android malware, malicious application, unwanted application |
| Encrypted File Extension | N/A |
| Ransom Note File Name | N/A |
| Associated Email Addresses | N/A |
| Detection Names | Avast-Mobile (Android:Evo-gen [Trj]), Combo Cleaner (Android.Riskware.Kerty.aAGC), ESET-NOD32 (Android/Spy.Agent.DVZ), Kaspersky (HEUR:Trojan-Banker.AndroidOS.Mamont.bb) |
| Symptoms | Device slows down, data usage increases, system settings change without permission, unwanted apps appear, ads show up, browsing is redirected |
| Damage | Stolen personal information, decreased performance, drained battery, data loss, financial loss |
| Distribution Methods | Social engineering, phishing websites, fake app downloads |
| Danger Level | High – poses serious privacy and financial risks |
Conclusion
FireScam is a dangerous malware targeting Android devices, designed to steal personal information and compromise privacy. If you suspect that your device has been infected, it’s crucial to act fast and remove the malware using a trusted tool like SpyHunter. Additionally, following preventive measures can help protect your device from future infections.
By staying vigilant and adopting good security practices, you can safeguard your personal data and enjoy a safer mobile experience.