Seven malicious apps reappeared in Play store with slightly different names under a new publisher account.
Those malicious apps are already reported to Google by Symantec researchers and the original apps were already removed. The malware Android.Reputation.1 found hidden at least in seven of apps in the U.S. that offered fun and cool features.
The malware dubbed Android.Reputation.1 appears to be in emoji keyboard additions, space cleaners, calculators, app lockers, and call recorders.
Once it installed to the device it follows a number of methods to stay Persistent on the device, it erases the tracks and disappears.
The malware used to wait for a number of number hours to launch malicious activity, so as to avoid getting detected by the user.
It has an ability to change the icon after installation, it uses trusted icons of Google play store and Google maps. Also, the app tries to elevate the privileges and it uses Google Play icon while requesting administrator privileges.
The installed malicious apps push ads through Google Mobile Services, and URLs are launched in the web that redirects the users to the scam pages like “Congratulations, you won“
Package Names used by Malicious apps Reappeared
Common Defences and Mitigations
- Give careful consideration to the permission asked for by applications.
- Download applications from trusted sources.
- Stay up with the latest version.
- Encrypt your devices.
- Make frequent backups of important data.
- Install anti-malware on their devices.
- Stay strict with CIA Cycle.