Malicious Android apps totaling millions of downloads discovered on Google Play

Malicious Android apps totaling millions of downloads discovered on Google Play

TechSpot is celebrating its 25th anniversary. TechSpot means tech analysis and advice you can trust.

Why it matters: Anti-malware specialist Doctor Web has identified malicious software that was recently available on Google Play, masquerading as legitimate games and apps. They have all since been removed from the store but if you downloaded any of them, be sure to remove them ASAP.

Four games in particular – Agent Shooter, Rainbow Stretch, Rubber Punch 3D, and Super Skibydi Killer – stood out for their use of a trojan designed to exploit intrusive ads. Some of the games had more than 500,000+ downloads each, and the authors went to great lengths to keep their nefarious nature hidden from users.

As Dr. Web notes, the games would replace their icons on the home screen with transparent versions and leave their name field blank to avoid detection. Some also used a Chrome web browser icon, and would launch trojans that would run in the background when opened to generate fraudulent ad revenue.

Such tactics can be effective, especially when the malicious program stops working, as unsuspecting users will just assume their browser has crashed and relaunch the fake app.

Dr. Web also unearthed several other apps that fell into the Android.FakeApp category. These were mostly financial-based apps focused on activities like stock trading and accounting that tricked users into loading fraudulent sites and attempted to convince them to become “investors.” Examples in this category included MoneyMentor, FinancialFusion, and Financial Vault.

Others disguised as legitimate games, like Jungle Jewels, Eternal Maze, Fire Fruits, Enchanged Elixir, Cowboy’s Frontier, and Stellar Secrets, were mostly fronts for online casino websites, and in violation of Google Play policies.

Yet another category of trojan apps, Android.Joker, subscribes victims to paid services and can impersonate any number of legitimate app. One example, called Beauty Wallpaper HD, pretended to be an image collection app while another, dubbed Love Emoji Messenger, billed itself as a free chat app.

Dr. Web’s report goes to show that even official app stores like Google Play are not immune to bad actors.

Image credit: Amarnath Radhakrishnan

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : TechSpot – https://www.techspot.com/news/100670-malicious-android-apps-totaling-millions-downloads-discovered-google.html

Exit mobile version