Thursday, December 7, 2023

35 Malware Android Apps With over 2 million Installation Found on the Google Play Store

It has become increasingly common for threat actors to use Google Play Store to attempt to get malicious applications listed there in recent years. In terms of trafficked Android app sources in the world, Google Play Store is considered the most popular.

On the Google Play Store, a new collection of 35 Android apps that are malicious in nature and display unwanted ads has been discovered by Bitdefender.

More than 2 million times, these apps have been downloaded to the mobile devices of victims worldwide. An analysis based on the behavior of the app, which was performed in real-time by Bitdefender researchers, revealed the potentially malicious apps. 

In the real-time detection of potential threats, this is certainly one of the most efficient methods available. There are a lot of apps out there that pretend to be specialized applications and use these tactics to entice users to install them. 

However, they often change their names and icons shortly after being installed, making uninstalling and finding them more difficult. This then leads to the malicious apps being used by users to serve intrusive advertisements by exploiting the WebView technology

As a result, their operators are able to generate fraudulent impressions and advertising revenues for profit. As these apps utilize their own framework for loading the ads, there is a possibility that some infected devices could be infected with additional malicious payloads.

Various Methods of Hiding

In addition to the implementation of multiple methods of hiding on Android devices, adware apps may also receive updates in order to make hiding on Android devices an easier process.

As soon as the apps have been installed, the icons are usually changed to a cog, and they are renamed to ‘Settings’. This is done so that they cannot be detected and deleted.

The malware application is launched with a size of 0 when the user clicks on the icon as it hides from view. In order to trick users into believing they have launched the correct app, the malware launches the legitimate Settings menu as a disguise.

The apps may sometimes appear as if they are part of a Motorola, Oppo, or Samsung system application with the look and feel of these brands.

A considerable amount of code obfuscation and encryption is also employed in the malicious apps, which are designed to thwart reverse engineering attempts. This is achieved by encrypting two DEX files that contain the main Java payload.

Alternatively, apps can be excluded from the list of recent apps so as to remain hidden from the user. Consequently, exposing active processes will not reveal them if they are running in the background.


Here below, we have mentioned all the recommendations offered:-

  • Make sure you do not install apps that are not really necessary for you.
  • If you are no longer using an app, make sure you delete it.
  • A well-established app that has few or no reviews and a large number of downloads should be avoided.
  • Apps requesting special permissions, such as Drawing over apps or Accessibility, should be avoided.
  • Make sure you do not install any apps that request permissions that are unrelated to the functionality they claim to offer.
  • Install a security solution that is capable of detecting malicious activity in the background.

Sponsored: Rise of Remote Workers: A Checklist for Securing Your Network – Download Free White paper


Latest articles

Bluetooth keystroke-injection Flaw: A Threat to Apple, Linux & Android Devices

An unauthenticated Bluetooth keystroke-injection vulnerability that affects Android, macOS, and iOS devices has been...

Atlassian Patches RCE Flaw that Affected Multiple Products

Atlassian has been discovered with four new vulnerabilities associated with Remote Code Execution in...

Reflectiz Introduces AI-powered Insights on Top of Its Smart Alerting System

Reflectiz, a cybersecurity company specializing in continuous web threat management, proudly introduces a new...

SLAM Attack Gets Root Password Hash in 30 Seconds

Spectre is a class of speculative execution vulnerabilities in microprocessors that can allow threat...

Akira Ransomware Exploiting Zero-day Flaws For Organization Network Access

The Akira ransomware group, which first appeared in March 2023, has been identified as...

Hackers Deliver AsyncRAT Through Weaponized WSF Script Files

The AsyncRAT malware, which was previously distributed through files with the .chm extension, is now being...

BlueNoroff: New Malware Attacking MacOS Users

Researchers have uncovered a new Trojan-attacking macOS user that is associated with the BlueNoroff APT...

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles