Thursday, December 19, 2024

Malicious Android Apps on Google Play With Over 2 Million Installs


Several recently discovered malicious apps on Google Play have been found to display intrusive advertisements to users, with a total of over 2 million installations. These trojans attempt to hide themselves from users of Android smartphones after being installed.

According to detection statistics collected by Dr.Web for Android, the detected trojans include:

  • FakeApp trojan app – Employed in various fraudulent schemes
  • Joker Trojans – Force users to subscribe to paid services
  • HiddenAds – Display annoying ads

New Malicious Apps On Google Play

HiddenAds trojans were disseminated in the form of games such as Agent Shooter, Rainbow Stretch, Rubber Punch 3D, and Super Skibydi Killer. After being installed on Android smartphones, these trojans attempted to conceal themselves from users.

Agent Shooter (500k+ installs), Rainbow Stretch (50k+ installs)

“They replaced their icons, located on the home screen menu, with transparent versions and also changed their names so they were left blank,” according to Dr. Web’s report.

They may even replace their icons with a replica of the Google Chrome icon so that they appear to be the browser. When users tap on such an icon, these trojans start the browser and keep running in the background.

This reduces the chance that they may be removed too soon and makes them less noticeable. Furthermore, if these malicious applications fail to function, users will restart them, believing they are starting a browser.
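The concealment tricks described above (blank name, transparent icon, Chrome look-alike icon) can be checked for in a device app inventory. The following is an added example, not code from Dr.Web or the original article; the inventory format, the `icon_alpha` field (per-pixel alpha values of the launcher icon) and the `com.example.*` package names are assumptions constructed for illustration.

```python
import unicodedata

# Assumption: launcher labels that should only belong to one package.
# com.android.chrome is Google Chrome's package name on Android.
EXPECTED_OWNER = {"chrome": "com.android.chrome",
                  "google chrome": "com.android.chrome"}

def visible_text(label):
    """Drop whitespace plus control/format characters such as zero-width spaces."""
    return "".join(ch for ch in label
                   if not ch.isspace()
                   and unicodedata.category(ch) not in ("Cc", "Cf"))

def audit_entry(entry):
    """Return the list of concealment indicators for one launcher entry."""
    findings = []
    label = entry.get("label") or ""
    if not visible_text(label):
        findings.append("blank-label")          # name left blank or invisible
    alpha = entry.get("icon_alpha") or []
    if alpha and max(alpha) == 0:
        findings.append("transparent-icon")     # every pixel fully transparent
    owner = EXPECTED_OWNER.get(label.strip().lower())
    if owner and entry["package"] != owner:
        findings.append("browser-lookalike")    # browser name, wrong package
    return findings

def audit_inventory(inventory):
    """Map package name -> findings, for flagged entries only."""
    report = {}
    for entry in inventory:
        findings = audit_entry(entry)
        if findings:
            report[entry["package"]] = findings
    return report

# Constructed sample inventory (hypothetical packages, not real indicators).
SAMPLE = [
    {"package": "com.android.chrome", "label": "Chrome", "icon_alpha": [255, 255, 200]},
    {"package": "com.example.puzzle", "label": "Puzzle Time", "icon_alpha": [255, 0, 255]},
    {"package": "com.example.game_a", "label": "", "icon_alpha": [0, 0, 0]},
    {"package": "com.example.game_b", "label": "\u200b \u00a0", "icon_alpha": [255, 255, 255]},
    {"package": "com.example.game_c", "label": "Chrome", "icon_alpha": [255, 255, 255]},
]

if __name__ == "__main__":
    for pkg, findings in audit_inventory(SAMPLE).items():
        print(pkg, findings)
```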

Rubber Punch 3D (500k+ installs), Super Skibydi Killer (1M+ installs)

Under the FakeApp family, other fake apps are distributed as financial software, such as apps for stock trading, guides and reference books, home accounting, etc.

“Their primary objective was to load fraudulent sites where potential victims were encouraged to become ‘investors’,” reads the report.

Further, cybercriminals have used other fake applications to pose as various gaming apps. These may work as games in some situations, but their primary purpose was to load online casino websites.

A few of these apps: Eternal Maze with 50k+ installs, Jungle Jewels with 10k+ installs, Steller Secrets with 10k+ installs, Fire Fruits with 10k+ installs, and many more.

One member of the Joker family was distributed as an internet messenger called Love Emoji Messenger, while another was disguised as an image-collection app called Beauty Wallpaper HD.

Please pay attention to reviews and ensure your Android phone has an antivirus installed to shield it against viruses and malicious apps.


Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
