Description
Some new malicious android apps were recently discovered to have infiltrated Google Play store, infecting devices with malware, adware and apps with phishing tactics.
Summary
This recent surge has amounted to over two million downloads in total according to research done by the team at Dr. Web. The apps that were discovered were seen pretending to be utilities, optimizers and get-paid-to apps that ultimately leads to a degrade in performance and user experience, ads and stolen information.
One app that has accumulated over one million downloads is called TubeBox, which is still available on the Google Play store as of December 4, 2022. This is a get-paid-to app that claims users can earn monetary rewards for watching videos (more specifically YouTube videos) and ads through its platform however there are no rewards, and it is a trap to get users on the app for as long as possible to generate revenue for the developers of the app. Some other adware apps that appeared in October 2022 that had an extended number of downloads were:
Bluetooth device auto connect by (bt autoconnect group) with 1,000,000 downloads
Bluetooth & Wi-Fi & USB driver by (simple things for everyone) with 100,000 downloads
Volume, Music Equalizer by (bt autoconnect group) with 50,000 downloads
Fast Cleaner & Cooling Master by (Hippo VPN LLC) with 500 downloads
According to the researchers at Dr. Web, the apps mentioned above receive commands from Firebase Cloud Messaging and load websites specified in these messages, generating specific, fraudulent ads in the compromised devices. In addition, the Fast Cleaner & Cooling Master app has the ability to be configured as a proxy server, therefore allowing the developers to direct traffic through the compromised device.
The final discovery by the researchers shows over ten Russian loan scam apps claiming to have a relationship with Russian banks and investment groups, with each having over ten thousand downloads. These apps were said to be promoted through malvertising and promise users investment profits and high income however the app makes use of phishing sites to collect users” personal information.
Remediation
To protect against fraudulent apps on Google Play store, Android users are advised to always verify the authenticity of apps and only download from reputable developers. It is also advised to always check reviews for apps and the privacy policy to verify what information is being collected by the app.
The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary.
PDF Download: Malicious Android apps spotted on the Google Play store.pdf
References
Toulas, B. (2022, December 4). Android malware apps with 2 million installs spotted on Google Play. Retrieved from the BleepingComputer. https://www.bleepingcomputer.com/news/security/android-malware-apps-with-2-million-installs-spotted-on-google-play/
Dr. Web Research Team. (2022, December 2). Doctor Webs October 2022 review of virus activity on mobile devices. Retrieved from Dr. Web https://news.drweb.com/show/review/?lng=en&i=14617