Security researchers from a software company, Symantec, recently discovered two new sets of malicious apps on the Google Play store. The first set of seven apps seems to have been re-uploaded under different names after being reported earlier. The other set of 38 apps, disguised as games and education apps, redirected victims to install other apps from the Play Store. They display advertisements and aim to drive traffic to some sites and the blog URLs are loaded in the background without the knowledge or permission of the user. There’s also another set of 15 malicious apps reported that seem to open ads and download payload without the consent of the user.
All these apps wait four hours before launching the “malicious activity” to evade any user suspicion.
One may think that this may be because the people behind these apps may be using some sophisticated technology to fool Google. But, you may be surprised to know that the only thing these people do is to change the name of the app and use a different publisher to put these malicious apps back on Google Play. What is surprising is the fact that people responsible for this use the same code as they used in the apps before the app listings were reported to Google.
It’s quite alarming, given the security checks Google performs before allowing an app on the Play Store. These apps, after being installed, ask for all the necessary admin permissions, and then take the user to a Google ad or load scam sites on the smartphone browser. These malicious apps are falsely promoted as calculators, apps lockers, call recorders, space cleaners, and emoji keyboard additions on the Google Play store.
Symantec goes to give an example of “Android.Reputation.1” malware which appears to be “hidden in at least seven apps in the U.S”. The company tested these apps to note that none of the “samples” tested worked as advertised and tried to implement a number of measures to ensure that the app stays on the smartphone. These measures included disappearing and erasing its tracks.