Android malware

Malicious Android apps found with 2 million installs on Google Play – BleepingComputer

Android malware

A new batch of thirty-five malicious Android apps showing unwanted ads have been found on the Google Play Store, with the apps installed more than 2 million times on victims’ mobile devices.

The apps were found by Bitdefender security researchers, who used a real-time behavior-based analysis method to detect potentially malicious apps.

Following standard methods, the apps entice users to install them by pretending to offer some specialized functionality but changing their name and icon immediately upon installation, making them difficult to find and uninstall.

From now on, malicious apps start serving intrusive ads to users by abusing WebView, generating fraudulent impressions and advertising revenue for their operators.

Additionally, since these apps use their own framework to load ads, additional payloads are likely to be dropped on a hacked device.

ways to hide

as such Bitdefender explains in the reportAdware applications implement multiple ways to hide on Android and even receive later updates to make it easier to hide on devices.

After installation, apps usually assume a cogwheel icon and rename themselves “Settings”, to avoid detection and deletion.

If the user clicks on the icon, the app will launch the size 0 malware app to hide from view. The malware then triggers a legitimate settings menu to trick users into thinking they have launched the correct application.

Function to turn on system settings
Function to turn on system settings (bitdefender)

In some cases, apps assume the appearance of Motorola, Oppo or Samsung system apps.

Malicious applications also feature heavy code obfuscation and encryption to thwart reverse engineering efforts, and hide the main Java payload inside two encrypted DEX files.

Another way to hide apps from the user is to exclude themselves from the Recent Apps list, so even if they’re running in the background, active processes won’t detect them.

Popular apps that display ads

The number of downloads of the 35 malicious Android apps ranges from 10,000 to 100,000, with a total of more than two million downloads.

The most popular of them, which have 100 thousand downloads each, are the following:

  • Light Walls – Wallpaper Pack (gb.packlivewalls.fournatewren)
  • Big Emoji – Keyboard 5.0 (gb.blindthirty.funkeyfour)
  • Large Wallpapers – 3D Backgrounds 2.0 (gb.convenientsoftfiftyreal.threeborder)
  • Engine wallpapers (gb.helectronsoftforty.comlivefour)
  • Stock Wallpapers (gb.fiftysubstantiated.wallsfour)
  • EffectMania – Photo Editor 2.0 (gb.actualfifty.sevenelegantvideo)
  • Art Filter – Deep Photo Effect 2.0 (gb.crediblefifty.editconvincingeight)
  • Fast Emoji Keyboard APK (de.eightylamocenko.editioneights)
  • Create sticker for Whatsapp 2.0 (gb.convincingmomentumeightyverified.realgamequicksix)
  • Math Solver – Camera Helper 2.0 (gb.labcamerathirty.mathcamera)
  • Photopix Effects – Art Filter 2.0 (gb.mega.sixtyeffectcameravideo)
  • LED Theme – Colorful Keyboard 2.0 (gb.theme.twentythreetheme)
  • Animated Sticker Master 1.0 (am.asm.master)
  • Sleep Sounds 1.0 (com.voice.sleep.sounds)
  • Character Charging Show 1.0 (com.charging.show)
  • Twisted Camera Picture
  • GPS location finder (smart.ggps.lockakt)

From the above, “Walls light – Wallpapers Pack”, “Animated Sticker Master” and “GPS Location Finder” are still available on the Play Store when this article was written.

Adware is still available on the Play Store
Adware is still available on the Play Store

Bleeping Computer has contacted Google regarding this issue, and we will update this post as soon as we receive a response.

The rest of the listed apps are available on many third-party app stores like APKSOS, APKAIO, APKCombo, APKPure and APKsfull, but the number of downloads provided by their time on Play Store.

However, if you have installed any of these apps in the past, you should locate them and remove them from your device immediately.

Since apps are masquerading as settings, running a mobile AV tool to locate and remove them may come in handy in this case.

#Malicious #Android #apps #million #installs #Google #Play #BleepingComputer

Leave a Comment

Your email address will not be published.