Android Applications Carrying Malware Reappear on Google Play Store
Cyber-security company Symantec reveals this month it has detected a number of malicious applications constantly reappearing on Google Play Store. Despite all efforts of Google to make the official store for Android applications a safe place for users, it looks like hackers still manage to sneak in dangerous apps that can cause severe damage to infected devices.
Symantec reports of seven Android applications previously banned from Google Play Store for being infected with a malware threat named Android. Reputation.1 now reoccurring for download again. In an attempt to hide their malicious intentions and to make them unrecognizable for users, the attackers have this time used different names and icons, however, the apps use the same code, and they are still as dangerous as before. The newly uploaded apps also implement the same technique to compromise Android devices like the original apps and consist mostly of fake cleaners, call recorders, calculators, and app lockers.
One of the first things when installing some of the infected apps that should make the user suspicious is the kind of requested permissions – the apps require administrator privileges, which are certainly not necessary if the apps are to perform only the activities that they are supposed to. Obviously, the true purpose is hidden under misleading Google Play Store icons as the apps also have a feature to change the launcher icon as well as the icon of the running apps in the system settings. According to Symantec's report, the true intention of the apps is to deliver content to infected devices, bringing thus profit to their authors and putting sensitive user data at risk. The malicious activity begins a few hours after installation and, apparently, remains hidden from the user of the compromised device.
Also, the researchers point out that the malicious apps can be configured additionally to perform even more extensive tasks. So far, it is known that they have been configured to push ads to the target devices using Google Mobile Services, as well as to launch URL in web browsers which redirect to scam pages. This is done by exploiting the legitimate Firebase Messaging Service, however, the attackers are copying another service into a command and control service.
The easiest way for users to protect their devices from unauthorized access is to avoid downloading applications from untrusted developers. Also, users are advised to consider what kind of permissions these apps request, and block apps which require privileges that appear higher or inadequate to the tasks that the apps promise to fulfill.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.