Dozens more shape-shifting malicious Android apps discovered

malware
(Image credit: Elchinator from Pixabay)

Three dozen malicious Android apps have been discovered on the Google Play Store, showing once again that downloading from a proven source is not a sufficient security practice. 

Cybersecurity researchers from Bitdefender discovered a total of 35 Android apps on the Google Play Store that serve dangerous ads to their victims, and try their hardest to hide and prevent the users from removing them. 

The malware, ranging from GPS apps, to photo editors, to charging screensavers, have been downloaded more than two million times, the researchers said, “if we consider the available public data”. That means the total number is probably even greater.

Hiding from the users

Simply serving ads to the endpoints isn’t malicious in itself, the researchers explained, but the problem lies in the fact that these apps do it through their own framework, meaning nothing’s stopping them from serving more dangerous malware, too, or even ransomware. What’s more, if the ads are served aggressively (which they are), they hurt the user experience, as well.

Another aspect that makes these apps malicious is that they hide from the victims in order to avoid being deleted. 

As soon as the victim downloads one of the malicious apps, it will change its entire appearance (both icon and name) into something else, often into apps users would be afraid to delete (System Settings, or something along those lines). 

Even though Google has improved its Play Store vetting system throughout the years, malicious developers still manage to squeeze quite a few apps past the bouncers, and into one of the world’s greatest app repositories. 

That’s why the researchers are suggesting that even when users want to download an app from the official play store, they should double-check that it has enough downloads, and enough positive reviews and comments. Threat actors can use bots to fake reviews and ratings, but they can’t do it en masse. Furthermore, having a mobile antivirus wouldn't hurt.

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.