Google Play Store malware instances discovered by Dr.Web

  • The report points out that the most dangerous aspect of these persistent apps in Google Play Store is spyware tools capable of stealing information from other apps’ notifications.
  • While apps allegedly containing malicious code have been removed from the Play Store, up to five of these apps remain online.
  • The activity of advertising Trojans has also increased.
  • Although Google has protections in place, a lot of malware still managed to sneak in.

Android’s hallmark has always been ‘openness’ – the platform’s enormous scale is in fact one of its main strengths. Its size, however, makes the Play Store a diverse swamp that Google must guard. Yet despite years of strengthening its scanning defenses, rogue apps continue to beat Play Store security, threatening millions of users.

The software company Dr.Web discovered apps with embedded adware and information-stealing malware on the Google Play Store two months ago. In a report, researchers pointed out that at least five apps are still available in the Play Store and have racked up over two million downloads. Other apps allegedly containing malicious code have been removed from the Play Store, according to Dr.Web.

The report, released two weeks ago, follows Google’s monthly Android security bulletin, which described fixes for a slew of critical vulnerabilities. Apparently the most dangerous of these apps has spyware tools capable of stealing information from other apps’ notifications, primarily to capture two-factor authentication (2FA) one-time passwords (OTP), and thus create the possibility of account takeover.

Threats of the month. Source: Dr.Web

Among the remaining apps, PIP Pic Camera Photo Editor, a rogue app with over a million downloads, allegedly steals users’ Facebook credentials. Dr.Web also lists Wild & Exotic Animal Wallpaper, an adware application that currently has 500,000 downloads and changes its name to SIM Tool Kit after installation. Another highlighted app was Magnifier Flashlight.

Dr.Web researchers concluded that throughout May, although the number of apps stealing notifications from other apps decreased, the activity of advertising Trojans increased. “In May, Android.Spy.4498, which steals information from other apps’ notifications, was again the most common mobile threat.”

“That said, its activity continued to decline. The Android.HiddenAds family of advertising trojans also remained among the most prevalent Android threats. Their activity, on the contrary, increased slightly compared to April,” reads Dr.Web’s May 2022 virus activity review. In the report, the researchers also highlighted the emergence of new malware applications on the Google Play Store.

“Among them are fraudulent apps from the Android.FakeApp family and Android.Subscription trojans that subscribe users to paid services. In addition to this, new variants of Android.PWS.Facebook family trojans have been revealed,” the report states.

What does Google do about these apps?

Google Play has built-in mechanisms to filter every submitted app for malware, ransomware, and assorted sketchiness. The most obvious vulnerability in the chain is accidental end-user installation of malware. That’s why Google promotes Google Play Protect, a security service that comes with Google Play and runs by default on recent versions of Android.

According to Android, by default, Google Play Protect protects a device by scanning apps before downloading them and occasionally scanning apps already installed on a device to ensure they are not infected with known malware or security vulnerabilities. “Play Protect will notify you if it finds an app with misleading or unsafe data collection policies,” it added.

In a 2017 write-up by Wired, then Android security chief Adrian Ludwig said that Google compares its internal scanning and filtering to every other Android anti-malware product it can find.

“We make the best antivirus available for Android,” he says. But Ludwig points out that Google knows it doesn’t catch everything and has promoted sharing threat intelligence and working with third-party companies that find problems Google misses. “We struggled to figure out how to get that last percent, and we encourage the security community to reach out to us,” Ludwig added.

Essentially, the tech giant is more concerned with “making sure we’re doing the right thing than playing with the numbers.” “We always reported the misfires,” Ludwig repeated. Ultimately, as Wired said five years ago, no matter how robust and advanced the Play Store’s security is, a very strict prevention mechanism is somewhat at odds with Android’s broader design and philosophical approach, which emphasizes more choices and options for its users. With a large and partially open operating system like Android, Google Play Store can be both the market leader and the most prone to hackers and all the problems that come with it.

Dashveenjit Kaur
