Monday, November 4, 2024
HomeAndroidAndroid Malware on Google Play with 2 Million Installs Steal Sensitive Data

Android Malware on Google Play with 2 Million Installs Steal Sensitive Data

Published on

Malware protection

More than two million Android users have been tricked into installing a set of malicious, phishing, and advertising apps via the Google Play store.

Dr. Web antivirus discovered that these apps were disguised as essential utilities and system optimizer tools. But, in reality, these apps are not utility tools, as they are malware disguised as legitimate apps as we hinted earlier.

The TubeBox app is exemplified by Dr. Web as one of the apps that have reached one million downloads in the Google Play Store in a short amount of time.

- Advertisement - SIEM as a Service
App in play store

However, at the moment this app has been removed from the Google Play Store. While there seemed to be a noticeable rise in the number of banking trojans and apps that permit users to be spied on.

Watching videos and ads on TubeBox provides users with the opportunity to earn money. But, when it came to redeeming the rewards collected by the user, it presented various errors, as if the system had failed to deliver on its promises.

Ads Displayed

Other Adware Apps Detected

Here below we have mentioned the other adware apps that were detected by the antivirus company, Dr. Web:-

  1. App name: Bluetooth device auto-connect
  2. Publisher: bt auto-connect group
  3. Downloads: 1,000,000 downloads
  1. App name: Bluetooth & Wi-Fi & USB driver
  2. Publisher: simple things for everyone)
  3. Downloads: 100,000 downloads
  1. App name: Volume, Music Equalizer
  2. Publisher: bt autoconnect group)
  3. Downloads: 50,000 downloads
  1. App name: Fast Cleaner & Cooling Master
  2. Publisher: Hippo VPN LLC
  3. Downloads: 500 downloads

In order to load the websites that are specified by the threat actors in these commands, these malicious apps receive commands from Firebase Cloud Messaging. As a result, on infected devices, all these malicious apps generate deceitful ad impressions in an attempt to make monetary gains.

Interestingly, one of the remote operators was even able to configure an infected device to act as a proxy server in the case of Fast Cleaner & Cooling Master, which had a low number of downloads. 

This enables threat actors to direct their illicit traffic via devices that are infected, and this complete mechanism is accomplished with the help of the proxy server that was created by the threat actors.

Loan Scam Apps

A set of loan scam applications was also discovered by Dr. Web, claiming to be affiliated with the following organizations:-

  • Russian banks
  • Investment groups

The average number of downloads on Google Play for each of the apps was 10,000. Here below we have mentioned the names of some of those apps:-

  • Против санкций всей страной (The entire country against sanctions)
  • Дарим 10 акций бесплатно (We grand 10 free shares)
  • Заработайте уже во время обучения (Earn while you still learning)
  • Я дам вам 100 000 USD, если вы не станете миллионером за 6 месяцев (I will give you 100 000 USD if you are not a millionaire in 6 months)
Ads Displayed by app

As a result of malvertizing advertisements in other apps, these apps were marketed as investment apps that were supposed to offer guaranteed profits. As a matter of fact, the apps redirect users to phishing websites that collect personal information from them.

Recommendations

You should always check the following things when downloading apps from Google Play to protect yourself from downloading malicious apps:-

  • Always check for negative reviews.
  • Make sure to scrutinize the privacy policy.
  • Evaluate the authenticity of the developer by visiting the developer’s site.
  • Make sure that your device has a minimum number of apps installed on it.
  • The Play Protect feature of Google’s Play Store must be enabled in order for it to function properly.

Managed DDoS Attack Protection for Applications – Download Free Guide

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

MediaTek High Severity Vulnerabilities Let Attackers Escalate Privileges

In its recent MediaTek Product Security Bulletin, the chipmaker disclosed two high-severity security vulnerabilities...

Threat Actors Allegedly Claiming Leak of Dell Partner Portal Data

A well-known dark web forum threat actor allegedly claimed responsibility for leaking data from...

Securing Your SaaS Application Security

The rapid growth of cloud computing has made SaaS applications indispensable across industries. While...

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

MediaTek High Severity Vulnerabilities Let Attackers Escalate Privileges

In its recent MediaTek Product Security Bulletin, the chipmaker disclosed two high-severity security vulnerabilities...

Threat Actors Allegedly Claiming Leak of Dell Partner Portal Data

A well-known dark web forum threat actor allegedly claimed responsibility for leaking data from...

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...