Several malicious Google Play Android apps installed over 2 million times push intrusive ads to users while concealing their presence on the infected devices.
In their latest monthly mobile threat report, Doctor Web's analysts identified trojans on Google Play associated with the 'FakeApp,' 'Joker,' and the 'HiddenAds' malware families.
Of particular interest are the following four adware (HiddenAds) apps disguised as games:
- Super Skibydi Killer – 1,000,000 downloads
- Agent Shooter – 500,000 downloads
- Rainbow Stretch – 50,000 downloads
- Rubber Punch 3D – 500,000 downloads
Dr. Web explains that once victims install these apps on their devices, they hide by replacing their icons with that of Google Chrome or using a transparent icon image to create empty space in the app drawer.
These apps run stealthily in the background upon launch, abusing the browser to launch ads and generate revenue for their operators.
The analysts also discovered several apps belonging to the FakeApp family, which direct users to investment scam sites.
In other cases, Dr. Web spotted game apps that loaded dubious online casino websites in violation of Google Play policies.
Some notable examples of those are:
- Eternal Maze (Yana Pospyelova) – 50,000 downloads
- Jungle Jewels (Vaibhav Wable) – 10,000 downloads
- Stellar Secrets (Pepperstocks) – 10,000 downloads
- Fire Fruits (Sandr Sevill) – 10,000 downloads
- Cowboy's Frontier (Precipice Game Studios) – 10,000 downloads
- Enchanted Elixir (Acomadyi) – 10,000 downloads
Finally, the antivirus team spotted two Joker family apps on Google Play, which subscribe users to premium paid services:
- Love Emoji Messenger (Korsinka Vimoipan) – 50,000 downloads
- Beauty Wallpaper HD (fm0989184) – 1,000 downloads
All the apps presented in this report have been removed from Google Play by the time of writing.
Still, users who might have installed them in the past must delete them immediately and perform a complete device scan using Play Protect and a mobile antivirus tool.
Dr. Web has also published a list of hashes for all malicious Android apps its analysts discovered last month on GitHub.
To avoid downloading malicious software from Google Play, minimize the apps you install to the minimum required, carefully read user reviews, and perform checks to ensure the publisher is trustworthy.
Comments
Idat77 - 8 months ago
I am trying to understand this, help me out. So, the apps on Google Play, aren't they screened... I mean placed under a microscope for 'Nasty Stuff'. If that is true, how did it get into the store and bypassed Play Protect.
I this article, I'm told to read the EULA, and to do this and do that but... I shouldn't have to because I'm figuring Google Play... 'Come on Man!' (President Biden's Voice) This is Google we are talking about, right. Aren't they suppose to be up on their game.?
ctigga - 8 months ago
Transitory, man! Transitory! :D
In all seriousness, app hosting platforms (e.g. Google Play, Apple AppStore, etc.) are likely going to scan their apps in a way similar to a virus scanner: looking for malicious code and behavior based off a database of known threats and heuristics.
The problem is, hiding malicious code can be a trivial exercise for an attacker. The malicious code will likely NOT execute when the app is scanned and thus won't set off behavioral alarms.
If an app in question is manually analyzed (e.g. by a security analyst), they're often able to dig deeper and get a more complete picture of what is going on.
Threat analysis technolgoy continues to advance; we don't want to run into a situation where legimate non-malicious apps are blocked erroneously (it happens too frequently on some platforms)
Best solution (but still not fail-proof) is still the same: Only install and run apps from trusted known publishers.