Malicious Android apps were recently removed by Google from its Play Store

Recently, Google came across some malicious Android applications on the official Play Store. These apps were showing out-of-context ads and triggering unnecessary, intrusive browser redirects on Android mobile phones.

These apps were discovered by White Ops, a bot mitigation company. When it informed Google's security team, it also reported that these apps were developed by a known criminal group.

This group created 38 apps, which were mostly beauty-related (such as Lite Beauty Camera, Beauty Collage Lite, Photo Collage & Beauty Camera, and Catoon Photo Editor & Selfie Beauty Camera). Initially, when these apps were created, their source code contained malicious adware functions, which bombarded users with ads.

This time around, the developers of these apps tried to trick Google and get through the Play Store’s security scans during the app approval process. They disabled the malicious adware functions in the source code, so the apps appeared thoroughly clean when they went through the security scans.

According to White Ops, this group also rolled out around 21 malicious apps back in January 2019. But at that time, they had not disabled their code, so they were caught easily and their apps were removed. All those apps were beauty-related and focused on activities like taking selfies or adding new filters to photos. But these apps displayed a huge number of ads and automatically opened browsers for an online ad or redirected the browser to malicious links. When users tried to uninstall them, the apps would even try to stop them from doing so by hiding their app icons!

Most of these apps survived on the Google Play Store for a maximum of two weeks before their malicious activities were detected and they were thrown out of the Play Store. But even with such a short life span, these apps managed to gain a considerable following, with over 565,000 downloads.

After these apps failed in January 2019, the group changed tactics and, in September 2019, adopted two methods to hide its malicious adware code.

The first method was to insert Arabic characters and Quranic verses in different places in the apps’ source code. Using Arabic text instead of English prevented Google’s reverse engineers from spotting malicious content.

The second method was to disable or remove the malicious code to fool the Google Play Store’s security scans and add the code back later in app updates, once the apps had been approved by the Play Store.

This is an interesting and clever method, but since it was from a known threat actor, White Ops suggested Google remove these apps right away to be on the safe side.

In total, these 38 malicious apps have been downloaded more than 20 million times since January 2019, when this operation initially began.

This is still a large number of affected users, considering that this group’s initial operation was not very sophisticated and was even caught within a few days.
