Seven apps confirmed to be infected with malware

May 15, 2018 11:21 GMT

Despite Google struggling to make the Play Store a safe home for Android apps, malware keeps sliding in, exposing users and their data as soon as compromised items are installed.

A report from security vendor Symantec reveals that seven different apps that were originally banned from the Store for being infected with Android.Reputation.1 are now available for download once again, this time under a different name and with icons that make them look legitimate.

The apps feature the same code as the original ones that got banned but somehow sneaked back into the store with a different name and publisher.

Symantec says the apps are mostly cleaners, calculators, app lockers, and call recorders, and use the same tactic to compromise Android devices.

Malware behavior

Once downloaded, the apps wait a few hours before launching their malicious activity in an attempt to trick people into believing that they are legitimate. They request administrator privileges and use Google Play icons to hide their true purpose, while also featuring capabilities to change the launcher icon and the running apps icon in the system settings.

Last but not least, Symantec says the purpose of these apps is to “deliver content to the device for profit.”

“It should be noted that this is highly configurable and extensible. Currently, ads are pushed to the phone via Google Mobile Services, and URLs are launched in web views that redirect to […] ‘you won’ scam pages,” Symantec explains. “This configuration takes advantage of the legitimate and ubiquitous ‘Firebase Messaging’ service, copying yet another service into a command and control (C&C) service.”

Obviously, the easiest way to remain protected is to avoid downloading apps from untrusted sources and always, but always, double-check the permissions that they require. If an app like a calculator seeks device administrator rights, it’s pretty clear that something’s fishy there, so blocking it must be the only way to go.
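The permission check described above can be automated when triaging an app. The following is an added example, not code from Symantec's report or from this article: it audits a decoded `AndroidManifest.xml` for a device administrator receiver and for more than one launcher entry point. It assumes the manifest has already been decoded to plain XML; the package and component names are constructed, and treating extra launcher aliases as a sign of icon swapping is an assumption, not something the report states.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
LAUNCHER = "android.intent.category.LAUNCHER"
ADMIN_PERM = "android.permission.BIND_DEVICE_ADMIN"

# Constructed sample: decoded manifest of a hypothetical calculator app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.calculator">
  <application android:label="Calculator">
    <activity android:name=".MainActivity">
      <intent-filter>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity-alias android:name=".AltIcon" android:enabled="false"
        android:targetActivity=".MainActivity">
      <intent-filter>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity-alias>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>
"""


def audit_manifest(xml_text):
    """Collect device-admin receivers and launcher entry points."""
    root = ET.fromstring(xml_text.strip())
    found = {"package": root.get("package"), "device_admin": [], "launchers": []}
    for comp in root.iter():
        name = comp.get(ANDROID + "name")
        # Device admin components are receivers guarded by BIND_DEVICE_ADMIN.
        if comp.tag == "receiver" and comp.get(ANDROID + "permission") == ADMIN_PERM:
            found["device_admin"].append(name)
        # Assumption: extra launcher aliases are one common way to swap icons.
        if comp.tag in ("activity", "activity-alias"):
            cats = {c.get(ANDROID + "name") for c in comp.iter("category")}
            if LAUNCHER in cats:
                found["launchers"].append(name)
    return found


def needs_review(found):
    """Flag apps that register a device admin or several launcher entries."""
    return bool(found["device_admin"]) or len(found["launchers"]) > 1
```

A utility app such as a calculator that comes back with a non-empty `device_admin` list is the mismatch the paragraph above warns about.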