Phone Cleaner and Security Apps Were Scams

Two more applications have been removed from the Google Play Store after turning out to be a front for malware. As always in such cases, users who already have the apps installed need to uninstall them as this won't happen automatically.

The apps in question are called Mister Phone Cleaner and Kylhavy Mobile Security. They had 50,000 and 10,000 downloads respectively before Google pulled the listings.

The scam in these cases has a couple of key differences from the familiar story of scammers disguising malware as legitimate apps and finding a way to bypass Google's security checks. That suggests the scammers are adjusting their tactics in an ongoing game of cat and mouse.

Fake Security Tool

One difference is that previously most scam apps have been promoted as fulfilling a single specific purpose such as a flashlight or level. That's comparatively simple to program, but also create a false sense of reassurance when they perform as advertised. That means it takes longer for negative reviews to deter downloads.

The two latest scams involve tools that supposedly remove unwanted files and (ironically enough) find and remove malware. It's questionable how well they actually work, but even creating a bogus version of tools may take extra work for the scammers.

Another difference is that these two scams don't involve tricking users into granting the apps access to permissions. These are often the key to allowing the app to carry out unwanted activities, such as abusing accessibility features. One tactic involved an automated series of "clicks" to complete the full download and installation process to put malware on the phone.

Malware Targets Banking

Instead, the scam apps use a bogus request to authorize an important security update. In reality, this allows the apps to download some nasty malware called Sharkbot. Its capabilities include intercepting text messages, recording keystrokes, and creating fake login-screens designed to capture online banking details. (Source: thehackernews.com)

Sharkbot also attempts to find and copy cookies when a user is logged in to a financial account. Having the right cookie can make it easier to breach an account as it can reduce the bank's security checks on the supposed customer. (Source: bleepingcomputer.com)

What's Your Opinion?

Are you surprised bogus apps are still getting into the Play Store? Should Google remotely uninstall apps from devices after removing them from the store for security reasons? How confident are you that all the apps on your device are legitimate?