At least eight apps detected in the Google Play Store

Nov 17, 2017 07:46 GMT

Security company ESET has discovered at least eight applications that were infected with multi-stage Android malware and available in the Google Play Store.

Google has already been informed about these apps and has since removed them, but it remains essential to watch out for similar attempts, as it’s apparently still possible for malware to make it into the Play Store.

ESET says the apps were infected with Android/TrojanDropper.Agent.BKY malware and used a multi-stage approach to trick people into believing they downloaded clean apps.

Using common names like world news and cleaner, these apps did not ask for any special permissions, a request that in most cases is a sign of suspicious activity, and looked just like legitimate apps with no clear indication of a possible infection. In the background, however, they downloaded a different app that helped trigger a notification asking for the user’s permission to install it.

Several hundred downloads

Most often, these silently downloaded applications pose as a Flash Player update, and if they’re granted the required permissions, they download another payload that’s being used to steal user information. ESET says this is a mobile banking trojan that looks for online banking apps on the device and collects info like credit card data.

“One of the malicious apps downloads its final payload using the bit.ly URL shortener. Thanks to this, we were able to obtain download stats: as of November 14, 2017, the link had been used almost 3000 times with the vast majority of hits coming from the Netherlands,” ESET says.

“Two of the most recent samples of Android/TrojanDropper.Agent.BKY were caught downloading either MazarBot, a notorious banking trojan, or spyware.”

Google has already removed the apps from the Play Store and the security vendor says that they’ve only been downloaded a few hundred times, though it’s still worrying not only that malware makes it to the store, but also that more apps could turn to more complex multi-stage infections to bypass protections.