Researchers have warned that more than two million Android users have downloaded a series of malicious apps that bypass security protections to access the Google Play App Store.
After installation, applications use deceptive techniques to hide themselves from the user to avoid removal, while displaying malicious advertisements that can directly link to Malware.
A total of 35 “obviously malicious” apps have been discovered and detailed in the Google Play Store By cybersecurity researchers at Bitdefender, Many of them trick victims into downloading them.
If users download any of the apps, it is recommended to find and delete them immediately.
A Bitdefender spokesperson told ZDNET that the company contacted Google about malicious apps in the Play Store. ZDNET has contacted Google, but has not received a response as of press time.
It’s common for malware-laden apps to appear clean enough to bypass App Store protection, because they only connect to servers where they receive the malicious download after they’re installed on a user’s device.
According to Bitdefender, several applications are still available for download at the time of writing.
One of the apps discovered by researchers is called GPS Location Maps, and it has been downloaded by more than 100,000 users. According to the researchers, after downloading the app, the app changed its name from “GPS Location Maps” to “Settings” to make it difficult to find and remove, while displaying pop-up ads that link to malicious websites.
This, and many other dangerous apps identified by Bitdefender are also getting permission to display on top of other apps in an attempt to force the user to click on them. Some apps also mimic user clicks to click on ads, which helps them earn illegal traffic from forced visits.
We see: Hackers are looking for ways around multi-factor authentication. Here’s what to watch
Those behind GPS location maps have gone to great lengths to ensure that the malicious application is difficult to engineer and scan, with the main Java payload hidden inside encrypted files. Even when the files are decrypted, the code remains obscure.
The malicious app also uses another tactic to stay hidden – it does not appear in the list of recently used apps on Android devices.
Each malicious app uses similar behaviors once downloaded, showing ads while masking the icon as something else to hide it. Some of the malicious apps that have been downloaded more than 100,000 times include apps called Personal Charge View, Image Warp Camera, and Animated Sticker Finder.
Each malicious app is listed as the only app published by a single developer, but their email addresses and websites are all very similar, leading Bitdefender to believe that all apps could be the work of a single group or individual. Other apps that have been downloaded more than 100,000 times include Personal Charge View, Image Warp Camera, and Animated Sticker Finder.
“While official stores are usually very good at getting rid of malicious or dangerous apps, some history shows that a small number of bad apps have managed to gain access and cause casualties until they are reported. Just because we downloaded an app from the official store is not Well,” the researchers said, “does not mean it will be safe.”
Users should always be careful about what they download, and be especially wary of apps by unknown developers that have a large number of downloads but no reviews.
Users should also check apps that request access to permissions that have nothing to do with the advertised functionality.
The researchers cautioned that “just because you download an app from an official store doesn’t mean it’s safe.”
More about cyber security