Over 2 million downloads: 35 malicious Android apps found on Google Play
Over 2 million downloads: 35 malicious Android apps found on Google Play.
Bitdefender security researchers have discovered a new batch of 35 malicious Android apps in the Google Play Store with over 2 million total downloads .
These apps lure users into installing them by pretending to offer some specialized functionality, but change their name and icon immediately after installation, making them difficult to discover and uninstall.
And by abusing the WebView to serve intrusive ads to users; since these apps use their own framework to load ads, additional payloads may be delivered on infected devices.
According to the presentation, these adware apps implement multiple methods to hide on Android and even receive future updates to make it easier to hide on the device.
Once installed, these apps often have a gear icon and rename themselves to “Settings” to evade detection and removal.
If the user taps the icon, the application launches a 0-sized malware application to hide from view.
The malware then launches the legitimate Settings menu, tricking the user into thinking they are launching the correct application.
In some cases, these apps take on the appearance of Motorola, Oppo, or Samsung system apps.
The malicious application also has extensive code obfuscation and encryption to thwart reverse engineering efforts, hiding the main Java payload in two encrypted DEX files.
Another way for these apps to hide from users is to exclude themselves from the “Recent Apps” list, so even if they are running in the background, exposing active processes won’t show them.
The 35 malicious Android apps had downloads ranging from 10,000 to 100,000, with a total of more than 2 million downloads.
The most popular of these are the following, each with 100,000 downloads. As follows:
- Walls light – Wallpapers Pack (gb.packlivewalls.fournatewren)
- Big Emoji – Keyboard 5.0 (gb.blindthirty.funkeyfour)
- Grand Wallpapers – 3D Backdrops 2.0 (gb.convenientsoftfiftyreal.threeborder)
- Engine Wallpapers (gb.helectronsoftforty.comlivefour)
- Stock Wallpapers (gb.fiftysubstantiated.wallsfour)
- EffectMania – Photo Editor 2.0 (gb.actualfifty.sevenelegantvideo)
- Art Filter – Deep Photoeffect 2.0 (gb.crediblefifty.editconvincingeight)
- Fast Emoji Keyboard APK (de.eightylamocenko.editioneights)
- Create Sticker for Whatsapp 2.0 (gb.convincingmomentumeightyverified.realgamequicksix)
- Math Solver – Camera Helper 2.0 (gb.labcamerathirty.mathcamera)
- Photopix Effects – Art Filter 2.0 (gb.mega.sixtyeffectcameravideo)
- Led Theme – Colorful Keyboard 2.0 (gb.theme.twentythreetheme)
- Animated Sticker Master 1.0 (am.asm.master)
- Sleep Sounds 1.0 (com.voice.sleep.sounds)
- Personality Charging Show 1.0 (com.charging.show)
- Image Warp Camera
- GPS Location Finder (smart.ggps.lockakt)
Tech site Bleeping Computer contacted Google about the matter.
And pointed out that “Walls light – Wallpapers Pack”, “Animated Sticker Master” and “GPS Location Finder” are still available on the Play Store as of press time .
The rest of the listed apps are available on multiple third-party app stores such as APKSOS, APKAIO, APKCombo, APKPure, and APKsfull, but the download counts shown are from their time on the Play Store.
That said, if you’ve installed any of these apps in the past, you should find and delete them from your device immediately.
Since these apps masquerade themselves as settings, running a mobile AV tool to locate and remove them may help in this case.