Samsung Galaxy S25 Ultra vs iPhone 17 Pro Max

Malware-infected apps sneak into Google Play, leave Android devices wide open for attacks

By
70comments
Add as a preferred source on Google
Android
Malware-infected apps sneak into Google Play, leave Android devices wide open for attacks

The legend of vikings who siege settlements to loot their goods and set them ablaze is alive and well in the latest Android malware scenario. Apparently, not only do they still exist, but they also strike dangerously close to home. In April, researchers from 'Checkpoint' investigated a malware campaign in which a horde of malicious apps somehow breached the Google Play store's gates and attacked unsuspecting Android phones. Some of them even climbed to the top ranks with their large volume of downloads, before users started sensing there's something wrong with them and lowered their rankings.

The apps 'Viking Jump', 'WiFi Plus', 'Parrot Copter', 'Memory Booster', and 'Simple 2048' contain malicious components that begin their activity post their initial launch. Two binaries named like Android system files are installed on the storage, with one used for exchanging information between the malware's parts, and the other keeping a list of all its components. The virus checks for root permissions, and if your device is rooted, two additional components are installed for the attackers' purposes. Regardless of whether you have root access or not, the malware will connect to its command and control server, sending the device's battery charge, type of data connection, and phone number.

Download top-ranked app, get infected. No extra in-app purchases required!

Finally, the server opens a proxy connection capable of sending and receiving information between server and device according to the hacker's whim. In this campaign's case, devices are hijacked to simulate clicks on online advertisements and generate profit. Some of the applications also send premium SMS messages, and the proxy allows for DDoS attacks, spamming, and remote code execution. Your device pretty much becomes the hacker's puppet.

Checkpoint Security traced 44% of the infections to Russia, which is explained by the prevalence of Android 4.4 in the country. Later operating system versions (Lollipop and Marshmallow) have stricter permissions control, thus the malware which relies on very suspicious permission sets is less likely to get past observant users. Alas, the researchers haven't made recommendation about anything you could do in the event of infection. Hopefully, a decent antivirus app will be able to bring things back in order.

Recommended Stories

Checkpoint notified Google about the discovery in early May. Unfortunately, this isn't the first time malware apps have invaded the Google Play store. In 2014, a number of applications with embedded BitCoin miners got loose and wrangled users' handsets into mining cyber-gold for the attackers' advantage. Although occurrences of malware apps inside the Play store are isolated incidents rather than a tendency, the mere possibility of infection by means of downloading a top-ranked, seemingly harmless app is quite alarming.

Also read:


source: Checkpoint

Buy 3 Months, Get 3 Free

Visible+ Pro – up to $135 savings on Verizon’s fastest 5G


We may earn a commission if you make a purchase

Check Out The Offer
Google News Follow
Follow us on Google News
https://s-cdn.phonearena.com/images/nothumb_user_300x300.png
Luis D. Former Tech News and Features Writer
Luis D. has a multitude of news, features and review articles written for PhoneArena. He adeptly demystifies complex technology topics, such as the development of advanced materials for bendable device displays and the evolution of chipset manufacturing.
COMMENTS (70)

Latest Discussions

Meta will fight spam on WhatsApp by restricting how many people can ghost you

by Ilia Temelkov • 1

The battle rages on: Apple accuses Epic Games of wanting a "free ride" on the iPhone with sideloading

by Johanna Romero • 1

Google may be bringing "Nano Banana" to Messages so you can properly spam your friends

by Johanna Romero • 2
Start Discussion View All

Recommended Stories

Popular stories

T-Mobile is ending a fan-favorite perk, but you might get a nice parting gift
T-Mobile is ending a fan-favorite perk, but you might get a nice parting gift
Motorola is again giving Apple and Samsung a run for their money, and yet no one seems to care
Motorola is again giving Apple and Samsung a run for their money, and yet no one seems to care
Galaxy Tab S9 turns into a no-brainer for those looking to avoid overspending
Galaxy Tab S9 turns into a no-brainer for those looking to avoid overspending
Fans aren't happy with the latest Samsung DeX changes, but it's still glorious
Fans aren't happy with the latest Samsung DeX changes, but it's still glorious
BREAKING NEWS: Having trouble with your phones and tablets? Verizon's late-night outage might be why
BREAKING NEWS: Having trouble with your phones and tablets? Verizon's late-night outage might be why
Galaxy S26 series is coming in three months: 9 changes to expect
Galaxy S26 series is coming in three months: 9 changes to expect

Latest News

Samsung announces virtual event to unveil its first XR Headset, Project Moohan
Samsung announces virtual event to unveil its first XR Headset, Project Moohan
Pixel 10 Pro Fold battery explodes in a failed durability test
Pixel 10 Pro Fold battery explodes in a failed durability test
Fans aren't happy with the latest Samsung DeX changes, but it's still glorious
Fans aren't happy with the latest Samsung DeX changes, but it's still glorious
Satellite leaked calls and texts from T-Mobile customers
Satellite leaked calls and texts from T-Mobile customers
Apple just teased the next powerful addition to its hardware lineup
Apple just teased the next powerful addition to its hardware lineup
Google Meet's new feature is here to save you from last-minute call stress
Google Meet's new feature is here to save you from last-minute call stress
FCC OKs Cingular\'s purchase of AT&T Wireless