Android, the mobile operating system from Google, has a number of benefits but security is not its strongest suite. It has been proven multiple times that Android smartphones are vulnerable to attacks from malware disguised as applications. Now, a new report from security researcher reveals that over half a million Android devices could have been affected by such a threat.
Lukas Stefano, a security researcher at ESET, has revealed details of 13 gaming apps that are essentially distributing malware. All of these apps revealed by Stefanko are made by the same developer, and are currently available for download from the Play Store. In fact, two of those apps were trending on the store, which puts these apps in the focus of more users than other apps.
Don’t install these apps from Google Play – it’s malware.
-all together 560,000+ installs
-after launch, hide itself icon
-downloads additional APK and makes user install it (unavailable now)
-2 apps are #Trending
-no legitimate functionality
— Lukas Stefanko (@LukasStefanko) 19 November 2018
The researcher notes that these apps have a combined install base of 580,000 on the platform. Those who downloaded these apps expected a truck or car driving game and instead got a buggy app that crashed every time it was opened. This isn’t the first time that malware has been distributed in the form of an authentic application.
TechCrunch reports that these apps actually downloaded a payload from another domain, registered to a developer in Istanbul, and installed malware behind the scenes. The suspicious part is when the malware deletes the app’s icon from your smartphone. It is not clear what this malware does but it seems to launch persistently whenever you started the phone or tablet. These apps have “full access” to the network traffic, which could be exploited to steal secure information.
Since Stefanko tweeted his findings, Google has said that these apps violated its policies and “these apps have been removed from the Play Store.”
Watch: Google Pixel 3 XL Hands-On
This is clear lapse on security from Google considering the platform has built-in tools like Play Protect meant to protect against such applications. Apart from this, Google also has its own process for verifying such fraudulent apps and the behavior should have been flagged right there. Google recently pulled over 700,000 apps from the Play Store, and has promised further investment to secure Android. However, in this case, those efforts have not been enough.