Dozens more shape-shifting malicious Android apps discovered

Many malicious Android apps lurk in the Play Store

Three dozen malicious Android apps have been discovered on the Google Play Store, showing once again that downloading from a proven source is not a sufficient security practice.

Cybersecurity researchers from Bitdefender discovered a total of 35 Android apps on the Google Play Store that serve dangerous ads to their victims, and try their hardest to hide and prevent the users from removing them.

The malware, ranging from GPS apps to photo editors to charging screensavers, has been downloaded more than two million times, the researchers said, “if we consider the available public data”. That means the total number is probably even greater.

Hiding from the users

Simply serving ads to the endpoints isn’t malicious in itself, the researchers explained, but the problem lies in the fact that these apps do it through their own framework, meaning nothing’s stopping them from serving more dangerous malware, too, or even ransomware. What’s more, if the ads are served aggressively (which they are), they hurt the user experience as well.

Another aspect that makes these apps malicious is that they hide from the victims in order to avoid being deleted.

As soon as the victim downloads one of the malicious apps, it will change its entire appearance (both icon and name) into something else, often into apps users would be afraid to delete (System Settings, or something along those lines).

Even though Google has improved its Play Store vetting system throughout the years, malicious developers still manage to squeeze quite a few apps past the bouncers, and into one of the world’s greatest app repositories.

That’s why the researchers are suggesting that even when users want to download an app from the official Play Store, they should double-check that it has enough downloads, and enough positive reviews and comments. Threat actors can use bots to fake reviews and ratings, but they can’t do it en masse. Furthermore, having a mobile antivirus wouldn’t hurt.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
