Malware-infected apps sneak into Google Play, leave Android devices wide open for attacks


The legend of Vikings who besiege settlements to loot their goods and set them ablaze is alive and well in the latest Android malware scenario. Apparently, not only do they still exist, but they also strike dangerously close to home. In April, researchers from 'Checkpoint' investigated a malware campaign in which a horde of malicious apps somehow breached the Google Play store's gates and attacked unsuspecting Android phones. Some of them even climbed to the top ranks on the strength of their large download volume, before users started sensing that something was wrong with them and lowered their rankings.

The apps 'Viking Jump', 'WiFi Plus', 'Parrot Copter', 'Memory Booster', and 'Simple 2048' contain malicious components that begin their activity after the app's initial launch. Two binaries named like Android system files are installed on the storage, with one used for exchanging information between the malware's parts, and the other keeping a list of all its components. The malware checks for root permissions, and if your device is rooted, two additional components are installed for the attackers' purposes. Regardless of whether you have root access or not, the malware will connect to its command and control server, sending the device's battery charge, type of data connection, and phone number.

Finally, the server opens a proxy connection capable of sending and receiving information between server and device according to the hacker's whim. In this campaign's case, devices are hijacked to simulate clicks on online advertisements and generate profit. Some of the applications also send premium SMS messages, and the proxy allows for DDoS attacks, spamming, and remote code execution. Your device pretty much becomes the hacker's puppet.

Checkpoint Security traced 44% of the infections to Russia, which is explained by the prevalence of Android 4.4 in the country. Later operating system versions (Lollipop and Marshmallow) have stricter permissions control, so malware that relies on very suspicious permission sets is less likely to get past observant users. Alas, the researchers haven't made any recommendations about what you could do in the event of infection. Hopefully, a decent antivirus app will be able to bring things back in order.
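To make the "suspicious permission sets" point concrete, here is an added example (not code from the article or from the researchers' report) that triages a decoded AndroidManifest.xml against the behaviours described above. The behaviour-to-permission mapping and both sample manifests are assumptions constructed for illustration; the manifest is assumed to be already decoded to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Assumed mapping (not taken from the report): behaviours the article
# describes -> the Android permissions an app would need to perform them.
BEHAVIOUR_PERMS = {
    "premium SMS": {"SEND_SMS"},
    "phone number exfiltration": {"READ_PHONE_STATE", "INTERNET"},
    "connection-type reporting": {"ACCESS_NETWORK_STATE", "INTERNET"},
}

def requested_permissions(manifest_xml):
    """Return the set of permissions declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for el in root.iter("uses-permission"):
        name = el.get(ANDROID_NS + "name", "")
        # Strip the platform prefix; custom permissions keep their full name.
        perms.add(name[len(PREFIX):] if name.startswith(PREFIX) else name)
    return perms

def triage(manifest_xml):
    """List the described behaviours the declared permissions would allow."""
    perms = requested_permissions(manifest_xml)
    return sorted(b for b, need in BEHAVIOUR_PERMS.items() if need <= perms)

# Constructed sample: a puzzle game asking for far more than a game needs.
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.puzzle">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
</manifest>"""

# Constructed sample: a game that only needs network access.
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.cleanpuzzle">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for label, manifest in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, "->", triage(manifest) or "nothing flagged")
```

A flag here means only that the app could perform the behaviour, so it is a reason to review the app, not proof of infection.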

Checkpoint notified Google about the discovery in early May. Unfortunately, this isn't the first time malware apps have invaded the Google Play store. In 2014, a number of applications with embedded Bitcoin miners got loose and wrangled users' handsets into mining cyber-gold for the attackers' advantage. Although occurrences of malware apps inside the Play store are isolated incidents rather than a tendency, the mere possibility of infection by means of downloading a top-ranked, seemingly harmless app is quite alarming.


source: Checkpoint

70 Comments

1. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

Nothing to worry about, if you don't download them.

2. Mxyzptlk unregistered

That's understating it.

19. submar

Posts: 713; Member since: Sep 19, 2014

And it won't brick the device.

20. 444777

Posts: 399; Member since: May 02, 2016

Like iPhones and iPad crap.

37. PHYCLOPSH

Posts: 654; Member since: Jun 28, 2014

I'll take the infected Android app any day over being restricted to the "App store".

34. RebelwithoutaClue unregistered

Malfunctioning hardware isn't the same as bricking it with a software update, but nice try though.

38. Mxyzptlk unregistered

That's a technicality.

35. xfire99

Posts: 1207; Member since: Mar 14, 2012

LOL? Troll harder. 1 PERSON thought S7 edge was bricked and got it replaced. STUCK AT LANG SELECTION ISN'T BRICKED. iStupid!

39. Mxyzptlk unregistered

Did you have the device in question? I didn't think so. #TruthHurts

48. 444777

Posts: 399; Member since: May 02, 2016

Mxzy stop being iStupid.

59. xfire99

Posts: 1207; Member since: Mar 14, 2012

Go google bricked! #iTroll

60. Scott93274

Posts: 6040; Member since: Aug 06, 2013

Your butt hurts. #ButtHurt

61. Mxyzptlk unregistered

You would know all about that one, Scott.

66. Scott93274

Posts: 6040; Member since: Aug 06, 2013

.... Umm, don't even try to blame me for the sore condition on your lower rear posterior. I don't swing that way.

67. Mxyzptlk unregistered

You're the one who continues to talk about another man's rear. You said the comment, remember.

52. marorun

Posts: 5029; Member since: Mar 30, 2015

As others said. Hardware defects can happen and we can live with this. A software update that breaks your phone, that's another issue.

51. marorun

Posts: 5029; Member since: Mar 30, 2015

AVG detects it right away, I tested it. Also, Android devices on 5.0 and newer are not affected. Other tech websites were more precise and did not ignore important info. As usual, iphonearena :)

3. oozz009

Posts: 520; Member since: Jun 22, 2015

Just another day in the android world (no offence intended).

53. marorun

Posts: 5029; Member since: Mar 30, 2015

None taken. After all, I can count on 1 hand the number of infected Android devices I saw in the past 6 years I've worked in the cellphone industry. So an overblown article like this from a pro-Apple website doesn't hurt me much.

4. jmill75

Posts: 127; Member since: Jul 22, 2009

It's almost like PhoneArena would intentionally run an article like this to take away from Google on their big day. Guarantee you ain't seeing something like this on Apple's big day....just saying!

5. kiko007

Posts: 7520; Member since: Feb 17, 2016

Google's big day? Who's the lucky groom?

6. RebelwithoutaClue unregistered

The EU ;)

7. kiko007

Posts: 7520; Member since: Feb 17, 2016

Haha +1

9. Mxyzptlk unregistered

Rhymes with clue.

13. RebelwithoutaClue unregistered

And dick rhymes with Mxyzptlk, coincidence?

24. 444777

Posts: 399; Member since: May 02, 2016

And dck rhymes with dickjedii. Coincidence. Leave Mxzy alone. He is way much better than that Darkkjeddi Apple fanboy. Well, Mxzy replies with facts and quotes, as well as knowledge. But that Darkkjeddi is a troll.

25. RebelwithoutaClue unregistered

Guess you and I have two different opinions on what rhymes and on what is a troll. You do know that imp is a genuine Apple fanboy?

28. Mxyzptlk unregistered

You should get a clue.

32. RebelwithoutaClue unregistered

Awwww poor guy, not even a funny one (but didn't expect otherwise)
