New Android Malware Discovered

John Lister's picture

Some Google Play Store apps with more than a million downloads have turned out to house malware. It's a reminder that however good Google's security vetting process is, it's not perfectly reliable.

Two security companies, ThreatLabZ and Evina, say they found a total of 60 apps that are or have been in the Play Store and house one of four "families" of malware.

One type appears to be new and has been dubbed Autolycos by researcher Maxime Ingrao. Promoted via Facebook and Instagram ads, the apps use a common technique. They are listed as carrying out a specific feature, which they deliver as advertised, but are secretly exploiting Google's security to carry out another function.

In this case the idea is to steal contact details and SMS text message information, then sign up the user to premium "wireless application protocol" services. These take money from the user via charges collected on a cellphone service bill.

Some of the most downloaded apps housing Autolycos included Vlog Star Video Editor and Creative 3D Launcher with a million downloads each, Funny Camera with 500,000 downloads and Gif Emoji Keyboard with 100,000 downloads.

Joker Not Funny

Other apps taken down by Google housed malware including Joker, which aims to click on ads in the background, using up phone resources; Facestealer, which aims to trick the user into typing Facebook account details into a bogus login screen; and Coper, which tries to access online banking details. (Source: zscaler.com)

The tactics these apps use include tricking users into granting an Android permission that makes them the default SMS messaging app on the phone. (Source: theregister.com)

While Google tries to block malware from getting into its store, it seems the creators are successfully disguising the code to get through automated checks. In some cases, they use a "dropper app" that downloads malware after being installed on the phone.

How To Protect Yourself

There's no sure-fire way to avoid Android malware, and using the official Google Play Store is still regarded as much safer than third party sources of apps.

However, security experts say users should never simply assume an app is safe just because it's in the official store.

Users can limit their risk by checking the app developers have a good reputation and looking for reviews and mentions of apps outside of the Google Play Store itself (which scammers often flood with fake reviews.)

Other tips include being wary of apps that only carry out a single function, and thinking carefully before granting an Android permission for an app, particularly if it doesn't seem relevant to the app's stated purpose.

What's Your Opinion?

Do you use the Google Play Store regularly? Does Google do enough to vet apps before they appear in the store? What measures do you take to reduce the risk of malware on your phone?

Rate this article: 
Average: 5 (4 votes)