Google Play malware: If you’ve downloaded these malicious apps, delete them immediately

a-man-sitting-in-his-living-room-looking-at-his-smartphone-with-concern

A man sitting in his living room looking at his smartphone with concern.

Image: Getty/damircudic

Over two million Android users have downloaded a series of malicious apps that bypassed security protections to get into the Google Play app store, researchers have warned.

After installation, the apps use sneaky techniques to hide themselves from the user to avoid being removed, while serving up malicious ads that can link directly to malware

A total of 35 “clearly malicious” apps in the Google Play store have been discovered and detailed by cybersecurity researchers at Bitdefender, many of which duped victims into downloading them.

If users have downloaded any of the apps, it’s recommended they find and delete them immediately.  

A Bitdefender spokesperson told ZDNET that the company has contacted Google about the malicious apps in the Play Store. ZDNET has contacted Google, but is yet to receive a response at the time of publication.  

It’s common for malware-laden apps to look clean enough to bypass app store protections, because they only connect to the servers where they receive the malicious download after they have been installed on the user’s device.

According to Bitdefender, many of the apps are still available to download at the time of writing.

One of the apps discovered by researchers is called GPS Location Maps, and it’s been downloaded by over 100,000 users. According to researchers, after being downloaded the app changes its label from ‘GPS Location Maps’ to ‘Settings’ to make it difficult to find and remove, while it serves pop-up ads linking to malicious websites. 

This, and many of the other dangerous apps identified by Bitdefender, also gain permission to display over the top of other apps in attempts to force the user to click through. Some of the apps also simulate user clicks to click through to adverts, helping them create illicit profits from enforced visits. 

SEE: Hackers are finding ways around multi-factor authentication. Here’s what to watch for

Those behind the GPS Location Maps have put a lot of effort into ensuring the malicious app is difficult to reverse engineer and examine, with the main Java payload hidden inside encrypted files. Even when the files are decrypted, the code remains obfuscated. 

The malicious app also uses another technique to stay hidden – it doesn’t appear in the list of most recently used apps on Android devices.

Each one of the malicious apps uses similar behaviours once downloaded, serving up adverts while disguising the icon as something else in order to hide it. Some of the malicious apps which have been downloaded over 100,000 times include apps called Personality Charging Show, Image Warp Camera and Animated Sticker Finder. 

Each of the malicious apps is listed as the only app published by a single developer, but their email addresses and websites are all very similar, leading Bitdefender to believe all of the apps could be the work of a single group or individual. Other apps that have been downloaded more than 100,000 times include Personality Charging Show, Image Warp Camera and Animated Sticker Finder. 

“While official stores are usually very good at weeding malicious or dangerous applications out, some history shows that a small number of bad apps manage to get through and make victims until they get reported. Just because we download an app from the official store doesn’t mean it will be safe,” said researchers. 

Users should always be careful about what they download, and be particularly wary of apps by unknown developers which have large numbers of downloads but no reviews. 

Users should also scrutinize apps that request access to permissions that have nothing to do with the advertised functionality. 

“Just because an app is downloaded from an official store doesn’t mean it’s safe,” warned researchers. 

MORE ON CYBERSECURITY

READ MORE HERE