gizmosure

Tag: Malware

  • Adware apps with over 500 million donwloads found in the PlayStore

    Adware apps with over 500 million donwloads found in the PlayStore

    Yet again, apps ridden with nasty malware were found in the PlayStore. Google has faced some serious criticism in recent months as malicious applications have often found a way to get into the Play Store. These sketchy applications witness millions of downloads before being deemed as dangerous and removed subsequently.

    The latest culprits happen to be four VPNs and two selfie apps, which have collectively racked up over 500 million installs. These apps contain harmful adware that seeks sensitive system information which according to researchers, can cause serious damage. The VPN apps in question include HotSpotVPN, Free VPN Master, Secure VPN, or CM Security Applock AntiVirus. All these four apps originate in China and bombard users’ with fraudulent ads. The four Android VPNs have been collectively installed more than 500 million times.

    “In case of outside ad fraud ads pop up while apps are running in the background or even outside the app environment (e.g. ad views placed on the home screen and covering app icons that users must reach to start new apps). As a user, not only do I think it’s treacherous for a privacy app to abruptly intrude my phone screen, but the constant HTTP requests keep the phone CPU heated and drain phone battery,” researcher Andy Michael wrote in a blog post.

    Meanwhile, the two camera apps deemed as a security risk are Sun Pro Beauty Camera and Funny Sweet Beauty Selfie Camera. Both of these apps were identified by security researchers to have racked up more than 1.5 million downloads infecting devices with adware. These camera apps were bombarding screens with full-screen ads and even continued to display ads when the pop-up remained unopened.

    Security researchers at Wandera suggest that the permissions requested by these apps can cause more harm than just filling screens with fraudulent ads. These include installing shortcuts, serving fake system alerts, as well as recording audio without user permission.

    “Intrusive out-of-app ads interrupt users in the middle of their workflow, brick their devices, drain the device battery, and in some cases, infected devices need to be replaced altogether,” explained security researchers at Wandera.

    Naturally, researchers have advised that if any of these apps are installed on your device, you should delete them right away.

  • Google gets rid of 85 malicious apps from the Play Store

    Google gets rid of 85 malicious apps from the Play Store

    Google has removed 85 dangerous apps from the PlayStore, after security experts found such apps to contain adware. According to researchers at TrendMicro, these apps were available on the Play Store as games, TV, and remote control simulator apps.

    “This adware is capable of displaying full-screen ads, hiding itself, monitoring a device’s screen unlocking functionality, and running in the mobile device’s background,” explained the researchers at Trend Micro in the blog.

    The report further notes that these malicious apps have witnessed over nine million downloads on the Android PlayStore. One of these apps, called ‘Easy Universal TV Remote’, was the most downloaded among the 85 malicious apps, with over 5 million downloads.

    It’s also worth noting that these apps showed and shared the same source code, despite coming from different developers and different APK certificates. Once installed, as soon as the user launched these apps, a full-screen pop-up would appear asking users to perpetually press several buttons to continue.

    Every button press would then open a new ad page, and this kept on happening until the app finally crashed. That said, they would still run in the background and suddenly show up after every hour or so on the device. For more information, click on the source link below.

    Well, this isn’t the first time Google has removed malcious apps from the PlayStore. In November 2018, Google removed 13 malware-infested apps from the PlayStore. Back then, popular malware researcher researcher, Lukas Stefanko, found 13 malicious apps on the Play Store, which tricked users to install malware on their handsets.

    Besides, Stefanko also found 29 other malicious apps on the PlayStore between August until early October 2018 in the Google Play store, which also masked themselves as authentic banking apps and used phishing forms to collect a user’s personal banking information.

  • Google removes 13 malware infested apps from the Play Store

    Google removes 13 malware infested apps from the Play Store

    A security researcher has found over a dozen malware infested apps have on the Play Store that trick users to install malware on their handsets. Renowned malware security researcher, Lukas Stefanko, has found 13 malicious apps on the Play Store, all of which happen to be motor racing games.

    According to Stefanko, these apps were created the same cybercriminal Luiz Pinto. Stefanko also notes that these apps have been downloaded by users nearly 560,000 times. Besides, he also added that a few of them also happen to be top trending apps.

    Reports suggest that once users were tricked into installing these malware infested apps, these apps never functioned properly as they crashed whenever a user tried opening them. And over a period of time, these apps could hide the icon from a user’s view and then asked users to install in-app application Game Center.

    Users were mostly unaware, and without their consent it used to install malware in the background to steal sensitive information. Researcher Stefanko informed Google about such malicious apps thriving on the Play Store.  Thankfully, Google came out with a swift response as the company has now removed 13 such malicious apps from Play Store.

    That said, the search engine giant continues to fail in its efforts to stop such malware ridden apps popping up on the Ply Store. As this isn’t the first time malware researcher Lukas Stefanko has found malicious apps on the Play Store.

    Earlier, this month, he found a Trojan-ridden call recording app which disguized itself as a normal call recording app and tricked users into downloading an additional app. While back in September, he found a Trojanized banking app which stole banking information from compromised Android devices.

    Stefanko suggests that if an Android app asks you to download Flash Player from servers besides Adobe, it should be taken as a warning sign as the app is most likely infected.

    One of the primary reasons that such apps are constantly showing app on the Play Store could be Google’s open source code policy. In contrast, Apple controls almost everything for its iOS store apps and allows developers to work within stringent parameters only. Hopefully, Google takes a cue from Apple to prevent such instances from happening in the future.

  • Google Play Store hit with another Trojan-ridden app

    Google Play Store hit with another Trojan-ridden app

    Yet another malicious call recording application has been discovered on Google’s PlayStore by malware researcher Lukas Stefanko. The app, called Simple Call Recorder published by FreahApps Group, already had over 5000 installs and has been available on the PlayStore since November 30, 2017.

    Despite being a normal call recording app, Simple Call Recorder tricked users into donwloading an additional app impersonating as a flash player update, explained malware researcher Lukas Stefanko. Once installed, the malicious app compromised and infected the device by asking the user to install a fake flash player update.

    “After install and launch, Simple Call Recorder decrypts additional binary file carried in assets and dynamically loads it. This behaviour is typical for the most Android threats these days. This Trojanized app contains call recording functionality and malicious code responsible for downloading and installing additional app,” explained malware researcher Lukas Stefanko in a blog post.

    Interestingly, the Simple Call Recorder application has been on the Play Store for almost over a year, which happens to be a really long time before being found and then finally removed.

    It’s also worth noting that this isn’t the first time malware reseracher Stefanko has found a Trojanized Android app on the Google Play Store. Back in September, he found a Trojan-ridden banking app which also disguized itself as a functional phone call recording app and stole banking information from compromised Android devices.

    Surprisingly, even this one lasted on the PlayStore for quite long and witnessed over 10,000 installs. The app was capable of stealing banking credentials even when SMS two-factor authentication was activated.

    Besides, malware reseracher Stefanko also found 29 other malicious Android apps from August unitl early October 2018 in the Google Play store, which also masked themselves as authentic banking apps and used phishing forms to collect a user’s personal banking information. Fianlly, Stefanko suggests that if an Android app asks you to download Flash Player from servers besides Adobe, it should be taken as a warning sign as the app is most likely infected.