Despite so many efforts by Google to maintain its Android store free from any of the malicious apps but it still fails to do so. Various malware apps still make it past the verification process easily and in September, Google Play was discovered full of Trojans included bankers, adware apps, spyware apps, and even downloaders as well. The games and utility apps were discovered as bankers and spyware apps in disguise. Many of the popular photo editing apps were discovered as malware apps with services that can automatically subscribe users to premium services of steal the personal information of users.
Once the malware apps installed on the user device, the malware tries to install its own malicious software according to the instructions from its command and control server. A similar downloader app in disguise named Motorcycle Road 2D is currently available in third-party Android stores.
A malware named Android Joker was also discovered in various apps on Google Play. This malware from the Trojan family was embedded in software like camera plugins, photo editors, image wallpaper apps, Systems and security utilities. Usually, cybercriminals chose apps on the base of the popularity of apps with Android users. However, the discovered malware apps were quickly removed by Google. There is no official response regarding the statistics of a number of installations each malicious app had but we are still waiting for it. According to the review count of these malware apps, it indicates that they were not installed in large numbers but still were added to at least a few hundreds of devices.
According to researchers, the malware apps found in Google Play could easily subscribe users to expensive services by loading websites with premium content and clicking the links without the consent of users. The subscription to premium services was possible as the attackers can easily read the verification codes from text messages and according to the researchers the malware Android Joker also stole phone contacts from users and delivered them to attackers.
The Trojan would breach sensitive information from text messages by relying on Android Accessibility Service. The banking Trojan also displayed phishing pages for targeted financial institutions. Another banking Trojan was discovered by researchers disguised as official application of cryptocurrency exchange aimed to steal the credential information from unsuspecting users when they tried to log into the account. After submitting the login information in fake authentication window this malware would display a message stating service unavailable.
Another capability of the malware was that it could read the two-factor authentication codes from text messages and emails and could also block notifications from instant messaging apps and emails so that users would be unaware of the unauthorized login on its account.
More than three varieties of spyware were found on Google Play by Doctor Web and all of them were monitoring users’ texting, calling, instant messaging services and some of them could even track devices.
According to the statistics from the company, malicious apps downloaded and executed were the most common on Play Store with malware components belonging to two families and other apps were discovered as adware apps and backdoors.
Read next: 172 infected apps discovered on Google Play and this needs our attention
Malware downloaders and premium subscriptions discovered in Google Play’s apps
Recently, a researcher from Russian antivirus maker Doctor Web discovered multiple apps disguised as game apps but were being used to deliver malware downloaders.Once the malware apps installed on the user device, the malware tries to install its own malicious software according to the instructions from its command and control server. A similar downloader app in disguise named Motorcycle Road 2D is currently available in third-party Android stores.
A malware named Android Joker was also discovered in various apps on Google Play. This malware from the Trojan family was embedded in software like camera plugins, photo editors, image wallpaper apps, Systems and security utilities. Usually, cybercriminals chose apps on the base of the popularity of apps with Android users. However, the discovered malware apps were quickly removed by Google. There is no official response regarding the statistics of a number of installations each malicious app had but we are still waiting for it. According to the review count of these malware apps, it indicates that they were not installed in large numbers but still were added to at least a few hundreds of devices.
According to researchers, the malware apps found in Google Play could easily subscribe users to expensive services by loading websites with premium content and clicking the links without the consent of users. The subscription to premium services was possible as the attackers can easily read the verification codes from text messages and according to the researchers the malware Android Joker also stole phone contacts from users and delivered them to attackers.
Banking and Spyware Trojans
Last month, Banking Trojans were found in apps on Google Play and one of them was even targeting Brazilian users. In one app, the malware was hidden in an app pretending to locate family members to users.The Trojan would breach sensitive information from text messages by relying on Android Accessibility Service. The banking Trojan also displayed phishing pages for targeted financial institutions. Another banking Trojan was discovered by researchers disguised as official application of cryptocurrency exchange aimed to steal the credential information from unsuspecting users when they tried to log into the account. After submitting the login information in fake authentication window this malware would display a message stating service unavailable.
Another capability of the malware was that it could read the two-factor authentication codes from text messages and emails and could also block notifications from instant messaging apps and emails so that users would be unaware of the unauthorized login on its account.
More than three varieties of spyware were found on Google Play by Doctor Web and all of them were monitoring users’ texting, calling, instant messaging services and some of them could even track devices.
According to the statistics from the company, malicious apps downloaded and executed were the most common on Play Store with malware components belonging to two families and other apps were discovered as adware apps and backdoors.
Bottom Line
Although Google has a variety of new tools and algorithms to prevent the platform from malicious apps but some apps still manage to sneak into the Play Store, so users can also prevent this by not only installing the apps from trusted developers but also checking the reviews of apps before installing them.Read next: 172 infected apps discovered on Google Play and this needs our attention
