Malware trojans masquerading as genuine apps spotted on the Google Play Store

Two Google Play Store apps are being used by hackers as trojans to download and install additional apps without users' permissions.

The two apps were observed leveraging techniques like time delays and code obfuscation to hide on the Google Play Store.

Researchers at security firm Zscaler have revealed that two Google Play Store apps, namely ‘Earn Real Money Gift Cards’ and ‘Bubble Shooter Wild Life’, are being used by hackers as trojans to download and install other malicious apps on users' devices.

Once downloaded, both apps abuse the Google Play Accessibility Service to install additional apps without the user's permission. While the researchers do encounter such trojan apps on third-party app stores, they were surprised to find them on the Google Play Store.

"Most recent malware families have started using obfuscators, packers, and protectors to hinder analysis from security researchers and malware detection systems," they noted.

They described the use of delaying tactics and the abuse of the Google Accessibility service by malicious apps to install additional payloads as a unique phenomenon, giving rise to concerns that there could be many more Play Store apps utilising similar techniques.

For example, the ‘Bubble Shooter Wild Life’ app requests user permission to download other apps that will support gameplay. Once a user gives permission to install additional apps, the app waits for exactly 20 minutes before triggering a malicious service. The service then launches a pop-up window, asking the user to enable 'Google services'.

If the user clicks OK, they are directed to the Accessibility Settings menu and asked by the service to turn on 'Google services', which is, in fact, the malware’s accessibility service disguised as a Google service. To make the process look more genuine, the hackers behind the malware show the user a detailed Privacy & Terms text (copied from Google's website).

Once access permissions are given by the user, the app searches for an APK file in the Download section of the device, then opens the Settings menu to enable “Installation from Unknown Source” and completes the APK file's installation successfully.
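For defenders, the pattern described above (an accessibility service labelled like a Google component but owned by an unrelated package, combined with unknown-source installs being switched on) can be triaged from device settings. The following is an added example, not code from Zscaler or from this article; the trusted prefixes, the label inventory and all sample values are constructed assumptions.

```python
# Added example: triage Android settings values for the pattern described above.
# On a device the raw values would come from:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell settings get secure install_non_market_apps   (pre-Android 8)
# Assumption: prefixes the auditor trusts. Package names are chosen by the app
# author, so this is a triage heuristic; confirm with the signing certificate.
TRUSTED_PREFIXES = ("com.google.android.", "com.android.")
# Words a service label should not use unless the package is trusted.
BRAND_WORDS = ("google", "android", "system")

# Constructed sample input (hypothetical package names and labels).
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/.TalkBackService:"
                   "com.example.bubblegame/.svc.HelperService:"
                   "com.example.passwordmgr/com.example.passwordmgr.FillService")
SAMPLE_LABELS = {"com.example.bubblegame": "Google services",
                 "com.example.passwordmgr": "Password autofill"}

def parse_services(raw):
    """Split the colon-separated 'package/class' list into (package, class)."""
    out = []
    for item in (raw or "").split(":"):
        item = item.strip()
        if "/" not in item:              # skips empty entries and "null"
            continue
        pkg, cls = item.split("/", 1)
        if cls.startswith("."):          # short form is relative to the package
            cls = pkg + cls
        out.append((pkg, cls))
    return out

def triage(raw_services, labels, unknown_sources):
    """Return (severity, package, reason) findings, 'high' first."""
    findings = []
    for pkg, _cls in parse_services(raw_services):
        if pkg.startswith(TRUSTED_PREFIXES):
            continue
        label = labels.get(pkg, "")
        if any(word in label.lower() for word in BRAND_WORDS):
            sev, why = "high", f"untrusted package uses label {label!r}"
            if unknown_sources.strip() == "1":
                why += "; unknown-source installs enabled"
        else:
            sev, why = "review", "accessibility service from untrusted package"
        findings.append((sev, pkg, why))
    return sorted(findings, key=lambda f: f[0] != "high")

if __name__ == "__main__":
    for finding in triage(SAMPLE_SERVICES, SAMPLE_LABELS, "1"):
        print(finding)
```

The service labels are assumed to come from a separate app inventory (for example an MDM export), since the settings value itself only lists component names.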

Once they identified the two apps that installed malware on Android devices by bypassing Google's security protocols, the researchers at Zscaler reported them to Google but fear that there may be many similar apps lurking on the Play Store.

Earlier this year, Google launched Play Protect, new malware-tracking software that keeps a constant vigil on apps that have been downloaded from the Play Store. The software is designed to ensure that Android apps are as secure on devices as they are on the Play Store prior to installation. However, it seems that Google Play Protect was unable to detect the two apps that researchers at Zscaler unmasked.

Researchers at Naked Security have also warned that there could be as many as 4,000 Android apps containing SonicSpy, a powerful spyware that can infiltrate Android devices and steal sensitive user information without being noticed by users.

Three such apps, namely Soniac, Hulk Messenger, and Troy Chat, were spotted on the Play Store by the firm and were reported to Google. The researchers added that Android users who download apps from third party app stores and from the web are particularly vulnerable to the spyware.

Copyright Lyonsdown Limited 2021
