Cybersecurity researchers have discovered a group of malicious apps on Google’s Play Store that may have compromised over one million Android devices.

In a report published on Friday, Dec. 2, Doctor Web said its analysts found several apps on the Play Store that contain trojans, adware, spyware, and riskware. They also found apps designed to scam victims or access their personal information.

According to the Russian online security company, these malicious apps were disguised as utility tools, investment apps, and other software.

Malicious Apps on Google Play Store

In October, Doctor Web analysts tracked malicious apps on the Play Store.

One of the tools they found, “Fast Cleaner & Cooling Master,” is a trojan that has been downloaded over 500,000 times. The threat actors apparently have backdoor access to this app, and they used it to launch proxy servers on compromised devices.

Earlier this month, we reported on another Android trojan posing as an educational tool that infected about 300,000 users to steal their Facebook credentials. That trojan was controlled through one of the backdoors the researchers found these cybercriminals using — Firebase Cloud Messaging.

Most of the apps the researchers found were controlled via Firebase Cloud Messaging or AppMetrica Push SDK. Firebase Cloud Messaging is a free tool developed by Google that allows developers to send notifications to users. AppMetrica Push SDK is likewise a tool used to send out push notifications.

Another malicious app called TubeBox, with over a million downloads, tricked users into believing they could make money by viewing videos and ads. But, when users tried to withdraw their earnings, they were told there were issues with the app preventing them from doing so.

“The creators of this app tried to string their victims along for as long as possible so that they would continue watching videos and ads, earning money not for themselves but for the fraudsters,” Doctor Web said.

The researchers also found several fake investment apps that claimed to have ties to “Russian banks and commodity companies.” These apps were an elaborate front for a phishing scheme. They directed users to fraudulent websites where they were required to participate in surveys, register an account, or submit applications.

Most of these malicious apps have already been removed from the Play Store.

Novel Threats

Among the malware Doctor Web researchers found were variants of a trojan that can hijack notifications on Android devices and steal sensitive data. The trojan can also “download apps and prompt users to install them, and display various dialog boxes.”

They also found variants of “a trojan that displays obnoxious ads.” These trojans can camouflage themselves within apps and evade user detection by hiding their icons from the home screen. “In some cases, other malware can install them in the system directory,” the study said.

The researchers also found spyware that monitors Android user activity in several ways, allowing threat actors to read user SMS messages and chats, access the microphone, track device location, and access browser history. They could even access victims’ phonebooks, contacts, and media, and take screenshots and pictures. The spyware also has keylogging capabilities.

The Doctor Web team even found software that can hijack applications “designed to record videos and take photos” and disable any notifications about ongoing recordings.

Some dedicated tools “used to automatically modify and scramble the source code of Android apps to make reverse engineering more difficult” were also found in the malicious apps.

Approach App Stores With Caution

Researchers often discover malicious apps on the Play Store, prompting Google to remove them. Over the past few months, there have been several reports of malicious apps on Google’s app store. In October, Meta researchers identified 400 malicious mobile apps on the Google Play Store. And, just last month, Malwarebytes Labs found a family of trojans on the Play Store that has infected over one million devices.

Due to the sheer size of the Play Store, it is incredibly difficult for Google moderators to analyze all apps individually before they are made available to the public. That’s why it’s important to exercise caution when downloading apps from this or any app store.

It’s advisable to read about an app before you download and install it on your device. Also, if you come across apps with strange names that seem dodgy, they’re probably unsafe.

We recommend using a good antivirus. Check out our article on the top five best antivirus apps of 2022 for some suggestions.
