Google Play: Beware of these malicious applications

More than two million Android users have downloaded a series of malicious apps that bypassed security protections to enter the Google Play app store, researchers have warned.

After installation, the apps use sneaky techniques to hide from the user and avoid removal, while delivering malicious advertisements that can link directly to malware.

A total of 35 “clearly malicious” apps from the Google Play store were discovered and detailed by Bitdefender cybersecurity researchers, many of which tricked victims into downloading them.

Find them and delete them on the spot

Users who have downloaded any of these apps are advised to find and remove them immediately.

A Bitdefender spokesperson told ZDNet that the company contacted Google about the malicious apps on the Play Store. ZDNet has contacted Google, but has not yet received a response as of press time.

It’s common for malware-laden apps to look clean enough to bypass app store protections, because they only connect to the servers from which they receive the malicious download after they have been installed on the user’s device.

According to Bitdefender, many apps can still be downloaded as of this writing.

One of the apps discovered by the researchers is called GPS Location Maps, and it has been downloaded by over 100,000 users. According to the researchers, after being downloaded, the app changes its name from “GPS Location Maps” to “Settings” to make it difficult to find and remove, while showing pop-up ads referring to malicious websites.

This app, like many other dangerous apps identified by Bitdefender, also obtains permission to appear on top of other apps in order to force the user to click on them. Some of these apps also simulate user clicks to trick them into clicking on advertisements, which allows them to make illicit profits from forced visits.

The art of concealment

The authors of GPS Location Maps have gone to great lengths to ensure that the malicious application is difficult to reverse engineer and examine, as the main Java payload is hidden in encrypted files. Even when the files are decrypted, the code remains obfuscated.

The malicious app also uses another technique to stay hidden: it does not appear in the list of most recently used apps on Android devices.

Once downloaded, each malicious application adopts a similar behavior: it shows advertisements and disguises the icon as something else in order to conceal it. Among the malicious apps that have been downloaded more than 100,000 times are apps called Personality Charging Show, Image Warp Camera and Animated Sticker Finder.
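The concealment traits described above (drawing over other apps, staying out of the recent-apps list, and carrying a label such as "Settings") can be checked for in an app's decoded manifest. The following is an added example, not code from Bitdefender or the original article. It assumes the manifest has already been decoded to XML with literal labels, that the overlay permission is declared as android.permission.SYSTEM_ALERT_WINDOW, and that hiding from recents is done with android:excludeFromRecents; the function name, finding names and sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"  # "appear on top of other apps"
SYSTEM_LABELS = {"settings"}  # assumption: labels a third-party app should not carry

# Constructed sample of a decoded manifest (not taken from any real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.maps">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:label="Example Maps">
    <activity android:name=".MainActivity" android:excludeFromRecents="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity-alias android:name=".Alias" android:label="Settings"
        android:enabled="false" android:targetActivity=".MainActivity"/>
  </application>
</manifest>"""


def triage_manifest(xml_text):
    """Return a sorted list of findings for the concealment traits in the article."""
    root = ET.fromstring(xml_text)
    findings = set()
    # Overlay permission requested by the app.
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    if OVERLAY in perms:
        findings.add("overlay-permission")
    # Activities that keep their task out of the recent-apps list.
    for activity in root.iter("activity"):
        if activity.get(ANDROID + "excludeFromRecents") == "true":
            findings.add("hidden-from-recents")
    # Components (including dormant aliases) labelled like a system app.
    for tag in ("application", "activity", "activity-alias"):
        for comp in root.iter(tag):
            label = (comp.get(ANDROID + "label") or "").strip().lower()
            if label in SYSTEM_LABELS:
                findings.add("system-lookalike-label")
    return sorted(findings)


if __name__ == "__main__":
    for finding in triage_manifest(SAMPLE_MANIFEST):
        print(finding)
```

Each finding on its own also occurs in legitimate apps, so the result is a prompt for closer review, not a verdict.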

Adopt a more suspicious attitude

Each of these malicious apps is listed as the only one published by a single developer, but their email addresses and websites are all very similar, leading Bitdefender to believe that all of the apps could be the work of a single group or individual.

“While official stores are generally very good at eliminating malicious or dangerous apps, history shows that a small number of bad apps manage to get through and claim victims until they are reported. Just because we download an app from the official store doesn’t necessarily mean it’s safe,” the researchers said.

Users should always be careful what they download, and be especially wary of apps from unknown developers that have been downloaded in large numbers but have not been rated. Users should also take a close look at apps that request access to permissions that have nothing to do with the advertised functionality.

“Just because an app is downloaded from an official store doesn’t mean it’s safe,” the researchers warned.

Source: ZDNet.com
