Posted on December 6, 2022 at 9:36 AM
Apps containing malware with 2 million installs found on Google Play Store
Researchers have identified a new set of malware on Android devices. The malware is being used to conduct phishing and adware campaigns. It was embedded in apps listed on the Google Play Store, and more than 2 million people have already installed the apps in question.
Android malware apps detected on the Google Play Store
The malware apps in question were detected by Dr. Web antivirus. The latter is an antivirus solution that helps users mitigate the risks of having harmful software installed on their devices.
Dr. Web antivirus detected that the malware pretended to provide valuable utilities and system optimizers. In reality, these apps degraded the performance of the devices on which they were installed. Once installed, the malware slowed the device down, increased the number of ads shown, and significantly worsened the user's experience.
One of the apps that Dr. Web has detected has more than one million downloads. This app is dubbed TubeBox. The app was listed on Google Play Store and had many downloads.
TubeBox is an app that promises users monetary rewards when they watch videos and ads on the app. However, the app has never delivered on these promises. When the users try redeeming the promised rewards, the app presents several errors, making it impossible for the earned rewards to be collected.
Moreover, some users who completed the final withdrawal step never received any withdrawn funds, according to the researchers. The malicious actors behind the app used monetary promises and the hope of collecting rewards to keep users on the app for as long as possible. Users who watched ads generated revenue for the developers. However, the developers never shared that revenue with the app's users as promised in the offering.
Other malware apps on Google Play Store
Several malware apps have infiltrated the Google Play Store. These apps were detected on the platform in October 2022. Google has since taken them down to ensure they will not be downloaded again. Nevertheless, by the time these apps were taken down, they had already caused significant harm to users.
One of these apps is Bluetooth device auto connect, which had one million downloads by the time it was detected. Another is Bluetooth & Wi-Fi & USB driver, which had 100,000 downloads. The Volume Music Equalizer app had 50,000 downloads when it was taken down from the Google app marketplace. Fast Cleaner & Cooling Master, which promised to optimize the performance of users' Android devices, had 500 downloads.
These apps receive their commands from Firebase Cloud Messaging. They then load the websites specified in those commands, generating fraudulent ad impressions on the affected devices.
One of the apps mentioned above, Fast Cleaner & Cooling Master, had one of the lowest download volumes. The remote operators of this malicious app could configure the target devices to function as proxy servers. Such a proxy could allow malicious actors to route their traffic through the infected device.
Dr. Web has also detected an influx of loan apps on Google Play Store that use the same technique to target victims. These scam loan apps claim to have a relationship with investment groups and banks based in Russia. The loan apps have low download volumes, with each averaging around 10,000 downloads.
These apps were also promoted using malvertising and other applications. They promised users that they would receive guaranteed investment profits. However, instead of users receiving the promised profits, the apps took the users to phishing websites that would collect their personal information.
Malicious apps regularly end up listed on the Google Play Store. By the time these apps are taken down, they have already been downloaded and have affected thousands of user devices. Therefore, Android users are advised to take several measures to protect themselves from such apps in the future.
One of the ways that users can protect themselves is by using the review section of each app. Looking at the negative reviews of an app and analyzing its privacy policy helps you verify the developers.
Moreover, it is also advisable to have a limited number of installed applications on your device. One of the best practices is to regularly check whether the Google Play Protect feature has been enabled.