Android from Google is probably the most flexible operating system for mobile, popular, and also very capable. But it does have issues in terms of security.
While Google does improve the Android ecosystem, the Google Play Store is still found to be the comfortable home for many malicious apps. This time, cybersecurity researchers from Dr.Web have discovered yet more Android apps that were pushing ads and stealthily subscribing people to premium services.
The researchers reported that these trojan apps, all found on Google’s official Play Store app repository, were cumulatively installed roughly two million times.
The apps were pretending to be games, messengers, and wallpaper apps, among others, and were mostly distributing three known malware families like FakeApp and HiddenAds.
And of course, also the notorious Joker.
Upon installing one of these apps, they would immediately change their icon on the device, to something that is popular and ubiquitous, like the Chrome web browser, for example.
In some cases, the researchers said, the malicious apps can even remove their icons altogether.
In the background, the apps would quietly deliver ads to victims when victims browse websites using a web browser.
Ads that can be shown include, and not limited to: casino websites, fake investments, and similar - all of which are in violation of Google’s policies.
The malicious apps include:
- Eternal Maze (Yana Pospyelova).
- Jungle Jewels (Vaibhav Wable).
- Stellar Secrets (Pepperstocks).
- Fire Fruits (Sandr Sevill).
- Cowboy's Frontier (Precipice Game Studios).
- Enchanted Elixir (Acomadyi).
There are two Joker-infected apps, which subscribe users to premium paid services. They include:
- Love Emoji Messenger (Korsinka Vimoipan).
- Beauty Wallpaper HD (fm0989184).
The biggest trojan that managed to move past Google’s defenses and into the Play Store is the Super Skibydi Killer, a game app with a million downloads.
Other notable mentions include Agent Shooter (500,000 downloads), Rubber Punch 3D (500,000 downloads), and Rainbow Stretch (50,000 downloads).
Fortunately Google has removed all of the apps from the Play Store.
However, those who have downloaded the apps can only be safe if they remove them from their endpoints, manually.
Read: Google Purged 'The Joker', A Malware Residing On Popular Apps In Play Store