Bitdefender finds an active malicious campaign on Google Play

Bitdefender has published research on a new Google Play campaign that bypasses storefront security controls to deliver potentially malicious content and ads.

Once a user downloads these apps, they work to remain on the devices by changing their name, changing their icon, and taking other actions to remain hidden.

In particular, these apps will change their icon and name to pretend to be the phone’s “Settings” app.


One of the key findings of Bitdefender’s research, “Real-time behavior-based detection on Android reveals dozens of malicious apps on Google Play Store”, is that 35 apps on the Google Play Store use techniques to circumvent storefront security controls in order to deliver potentially harmful content and advertisements.

Moreover, based on public figures, these 35 applications account for approximately two million downloads. A single app Bitdefender discovered in this campaign had 100,000 downloads, with the others having tens of thousands.

Bitdefender’s research also concludes that the campaign is likely the work of the same developer or threat actor.

The publication of this study comes after Bitdefender extended support for its antimalware technologies to Amazon GuardDuty, a threat detection service that monitors malicious activity and abnormal behavior to protect Amazon Web Services (AWS) accounts, workloads and data.

Bitdefender antimalware technology provides Amazon Web Services customers with advanced threat detection to identify known and unknown malware, zero-day attacks, and malicious activity.

According to the company, when Bitdefender detects malware or anomalous activity in an Amazon GuardDuty environment, it alerts the customer and provides contextualized and actionable information to expedite and guide response actions. Amazon GuardDuty customers can quickly and easily license Bitdefender, which is available on the Amazon Web Services Marketplace, for automated remediation features to remove detected threats from their environment.

Organizations of all sizes and in all industries are increasingly migrating their architectures and workloads to the cloud. Analyst firm Gartner estimates that by 2025, more than 95% of new digital workloads will be deployed on cloud-native platforms, up from just 30% in 2021. When running workloads in the cloud, effective security requires a shared responsibility model, where the cloud provider and the end customer jointly protect the environment and the workloads, but many organizations lack visibility into the threats targeting their cloud workloads at the time of execution. Bitdefender technology supports Amazon GuardDuty with a focus on solving this challenge.

Bitdefender anti-malware technology offers multiple layers of protection, including heuristic analysis, machine learning models for standard detection, advanced non-signature detection, signature-based detection and emulation. This security integration provides Amazon GuardDuty customers with multi-layered threat detection and protection for all cloud workloads on Windows and Linux operating systems.

“Adversaries are stepping up their attacks on public cloud workloads because they know that’s where organizations’ valuable data assets increasingly reside,” said Amy Blackshaw, vice president of product marketing and technical at Bitdefender.

“The integration of Bitdefender technology into Amazon GuardDuty helps organizations become more cyber-resilient in the cloud by providing accurate, real-time threat detection to stop attacks before they gain a foothold in their environment,” she explains.

Use of Bitdefender antimalware technology in Amazon GuardDuty is available now.
