Malware-infected apps keep making their way to the Google Play Store

Last year, a Pokemon GO guide app, which managed to amass more than 500,000 downloads, was taken down after being uncovered as a vector for malware infection, enabling hackers to root devices and shower users with ads. More than 100 apps using the same code base (named Ztorg) have been uncovered since then, though the latest pair of malicious apps removed from the Play Store are a bit of an outlier.

"Magic Browser" and "Noise Detector," which combined had more than 60,000 downloads, actually didn't possess the ability to root a user's device. Instead, they took control of sending and receiving SMS, which in practical terms means they had the ability to sneakily send text messages to premium numbers. The good news, however, is that both of them were likely used for testing purposes only: both didn't actually possess the bulk of the Ztorg code, which the Kaspersky researcher who detected them theorizes was being slowly added via app updates so as to avoid detection.

And it seems precisely this tactic – updating an app with malware instead of directly shipping it – is gaining steam lately. The last app removal from this month was of a game called "colourblock," which, too, used exploits to root users' devices. So given the recent uptick in similar attacks, it's fair to say Google's Play Protect, which scans all apps submitted to the Google Play storefront, needs to step up its game a bit.

Seeing as the two removed apps were likely used for testing, it should be expected for us to be seeing more of this type of malware in the future. So everyone out there should make sure not to go download-crazy, even with apps that may seem relatively popular.

source: Kaspersky Labs via Ars Technica