Yet another set of malicious apps has been found on Google Play Store, with over 2.1 million downloads.
25 malicious apps, disguised as fashion and photo editor applications, have been found on Google Play Store, according to software company Symantec. Reportedly, the apps were published under 22 different developer accounts. Collectively, the apps had over 2.1 million downloads.
The apps did not exhibit malicious behaviour immediately after installation. Instead, they downloaded malware configuration files that enabled the apps’ malicious features, including displaying intrusive advertisements and hiding the apps’ icons. Once the malware is fully operational, users start seeing large amounts of advertisements on their Android phones.
25 malicious apps bypassed Google’s security
The 25 apps were able to bypass Google’s security measures because the developers did not hardcode the malicious functions in the Android Package Kits (APKs) that were submitted for review.
“Instead, the switch is controlled remotely via the downloaded configuration file, allowing the malware developer to evade Google Play’s rigorous security testing,” Symantec’s threat intelligence team explains in their blog post. They believe the 25 apps were developed by the same group as they share a similar code structure and app content.
When the malicious app is installed, it downloads the configuration file, then extracts and applies the settings. Symantec notes that keywords like “app_hideIcon” in the malware code are encoded and encrypted.
“Various encryption keys and initialization vectors (IV) were used across all 25 APKs we found on Google Play, which we believe is an effort on the malware authors’ part to avoid rule-based detection by antivirus scanners.”
The apps hide their icons from users and then start displaying adverts, even if the app is closed. The hidden icons make it difficult for users to identify which apps are causing the ads. The displayed ads are full-screen and show no app title. The likely aim of such apps is to generate revenue by showing users intrusive advertisements.
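A static triage heuristic for the evasion described above, as an added example that is not from Symantec or the original article: because keywords such as “app_hideIcon” are encrypted under varying keys and IVs, it matches combinations of API references in decompiled smali instead of string literals. The smali fragments are constructed, and treating `PackageManager.setComponentEnabledSetting` as the icon-hiding call is an assumption the article does not state; a hit is a reason for manual review, not a verdict.

```python
import re

# Smali-style references to standard Android/Java APIs. Behaviour is matched
# rather than strings, since the samples encrypt keywords like "app_hideIcon".
INDICATORS = {
    "hides_component": re.compile(
        r"Landroid/content/pm/PackageManager;->setComponentEnabledSetting\("),
    "uses_cipher": re.compile(r"Ljavax/crypto/Cipher;->getInstance\("),
    "sets_iv": re.compile(r"Ljavax/crypto/spec/IvParameterSpec;-><init>\("),
    "fetches_remote": re.compile(
        r"Ljava/net/URL;->openConnection\(|Lokhttp3/OkHttpClient;->newCall\("),
}
KEYWORD_RULE = re.compile(r"app_hideIcon")  # naive plaintext signature

# Constructed sample fragments (not taken from any real APK).
SAMPLE_ENCRYPTED = """
const-string v0, "q7Zk1xW0c2M9"   # constructed stand-in for an encrypted keyword
invoke-virtual {v1}, Ljava/net/URL;->openConnection()Ljava/net/URLConnection;
invoke-static {v2}, Ljavax/crypto/Cipher;->getInstance(Ljava/lang/String;)Ljavax/crypto/Cipher;
invoke-direct {v3, v4}, Ljavax/crypto/spec/IvParameterSpec;-><init>([B)V
invoke-virtual {v5, v6, v7, v8}, Landroid/content/pm/PackageManager;->setComponentEnabledSetting(Landroid/content/ComponentName;II)V
"""
SAMPLE_PLAINTEXT = SAMPLE_ENCRYPTED.replace('"q7Zk1xW0c2M9"', '"app_hideIcon"')
SAMPLE_BENIGN = """
invoke-virtual {v1}, Ljava/net/URL;->openConnection()Ljava/net/URLConnection;
const-string v0, "filter_sepia"
"""


def triage(smali_text):
    """Return (plaintext_rule_hit, sorted indicator names, needs_review)."""
    hits = sorted(n for n, rx in INDICATORS.items() if rx.search(smali_text))
    # Flag only the combination: remote fetch + decryption + component toggle.
    # Each indicator on its own is common in benign apps.
    needs_review = {"hides_component", "uses_cipher", "fetches_remote"} <= set(hits)
    return bool(KEYWORD_RULE.search(smali_text)), hits, needs_review


if __name__ == "__main__":
    for name in ("SAMPLE_ENCRYPTED", "SAMPLE_PLAINTEXT", "SAMPLE_BENIGN"):
        print(name, triage(globals()[name]))
```

The plaintext rule fires only on the unencrypted variant, while the API combination flags both variants and leaves the benign fragment alone.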
The apps have since been removed. This is just one of many instances where malware was able to bypass Google’s security. The company has been having a difficult time keeping Google Play Store malware-free, which has drawn a lot of criticism. Nevertheless, users are still better off sticking to Google Play for app downloads than using third-party stores. However, users should be very careful, for example by looking into the app developer, reading reviews, and being skeptical of requested permissions.
Popular anti-virus apps for Android should be able to detect the malicious apps and delete them without much issue.