Security software company Symantec has revealed that a number of malicious Android apps have been returning to the Google Play store despite being reported. One might assume that the people behind these apps are using some sophisticated technology to fool Google. In fact, all they do is change the name of the app and use a different publisher to put the malicious apps back on Google Play. What is surprising is that the people responsible reuse the same code that was in the apps before the listings were reported to Google.
Symantec goes on to give the example of the “Android.Reputation.1” malware, which appears to be “hidden in at least seven apps in the U.S”. The apps advertise a range of functionality, including emoji keyboards, app lockers, call recorders, space cleaners and even calculators. The company tested these apps and noted that none of the “samples” worked as advertised, and that each tried a number of measures to ensure that it stays on the smartphone. These measures included disappearing and erasing its tracks.
All the apps in the sample waited four hours before launching the “malicious activity” to avoid arousing user suspicion. They also requested device administration privileges to make it difficult for the user to uninstall them. Interestingly, the app displays the Google Play icon while requesting these privileges. It can also change its icon in the launcher as well as in the “running apps” section, so that it is difficult for the user to find the app in a long list. It falls back on the Google Play or Google Maps icon to evade detection.
The company noted that the malware delivers advertisements and launches URLs in a web view that lead to “you won” scam lottery pages. The apps use the “Firebase Messaging” service, a legitimate Android service, to tie into the device. Symantec said that seven apps on Google Play are using the same malware. It has advised users to keep the software on their devices updated and not to download and install apps from unfamiliar websites. Users should also pay attention to the permissions an app asks for during installation.
Last but not least, users may also want to install a security app on their smartphones and make sure they take regular backups of their data. That said, considering that Google is one of the top software companies in the world, we expect the company to strengthen its app screening process, so that no app can get onto the Play store with hidden malware using just a new app name and publisher.
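A screening check aimed at the re-upload pattern described above, as an added example that is not Symantec's or Google's code: it fingerprints an APK's compiled code (the classes*.dex entries) and flags new listings whose code matches a previously reported app regardless of name or publisher. The app names, publishers and payloads are constructed, and it assumes the re-uploaded code is byte-identical.

```python
import hashlib
import io
import zipfile


def dex_fingerprint(apk_bytes):
    """SHA-256 over all classes*.dex entries of an APK, in name order."""
    digest = hashlib.sha256()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        names = sorted(n for n in apk.namelist()
                       if n.startswith("classes") and n.endswith(".dex"))
        for name in names:
            digest.update(apk.read(name))
    return digest.hexdigest() if names else None


def find_reuploads(submissions, known_bad):
    """Return (name, publisher, original listing) for code seen before."""
    hits = []
    for listing in submissions:
        fp = dex_fingerprint(listing["apk"])
        if fp is not None and fp in known_bad:
            hits.append((listing["name"], listing["publisher"], known_bad[fp]))
    return hits


def make_apk(dex_payload, label):
    """Build a constructed stand-in APK (zip with classes.dex) in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("classes.dex", dex_payload)
        apk.writestr("res/label.txt", label)  # listing metadata, not code
    return buf.getvalue()


# Constructed sample data: payloads, app names and publishers are made up.
REPORTED_CODE = b"dex\n035\x00constructed-reported-sample"
KNOWN_BAD = {
    dex_fingerprint(make_apk(REPORTED_CODE, "Emoji Keyboard")):
        "Emoji Keyboard / Publisher A",
}
SUBMISSIONS = [
    {"name": "Space Cleaner", "publisher": "Publisher B",
     "apk": make_apk(REPORTED_CODE, "Space Cleaner")},
    {"name": "Calculator", "publisher": "Publisher C",
     "apk": make_apk(b"dex\n035\x00constructed-unrelated-code", "Calculator")},
]

if __name__ == "__main__":
    for name, publisher, original in find_reuploads(SUBMISSIONS, KNOWN_BAD):
        print(f"{name} ({publisher}) reuses code from {original}")
```

An exact hash only catches unmodified code; repacked or obfuscated variants need similarity matching instead.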