Google has removed dozens of Android apps in Google Play posing as battery management tools that may have leaked millions of users’ email addresses to criminals.
Russian security firm Dr. Web has reported over 100 Android utility, photo editing and animated wallpaper apps that were available on Google Play to Google after finding that the apps don’t deliver advertised capabilities but do, via malicious ads, steal personal information.
The firm says that Google removed some of the apps after it reported the issue, which abuses in-app advertising to infect targets with spyware. Dr. Web said the apps had been installed on 3.2 million Android devices.
The malicious apps are bogus versions of legitimate apps, according to Dr. Web, which identified the collection of apps as “Android.Spy.277.origin”. The apps present a variety of misleading warnings such as that a device poses a safety hazard due to an overheated battery or that a battery is badly damaged. Following in the footsteps of desktop scareware, the attacker offers further app installations that are claimed to resolve issues flagged in fake system notifications.
According to Dr. Web, the malware will persist even if the original malicious app is deleted.
“It is noteworthy that a plug-in hidden in the Trojan’s program package possesses the same features as the Android.Spy.277.origin itself. Once the Trojan receives instructions from the server, it tries to install this plug-in, masquerading it as an important update. Therefore, the device, in fact, contains two copies of Android.Spy.277.origin—thus, even if the original version of the Trojan is deleted, there is still its counterpart, which continues to deliver advertisements,” the security firm said.
The malware extracts email addresses, unique details about the device, its location, network, and installed apps.
Google Play is generally considered the safest place to install Android apps from and Android users are encouraged avoid other sources. However, despite Google’s security checks on apps distributed through Google Play, the sheer volume of new apps published on the store means the company sometimes misses malicious apps.
Google in January removed 13 apps from its official app store after third-party researchers flagged them as malware. Security firm Lookout noted at the time the apps, some of them games, behaved as advertised, however were also equipped to automatically generate positive reviews on the Play Store to encourage others to willingly install malware. The malicious apps also could only be uninstalled by re-flashing the device.
Participate in this short survey on IT security strategies across the Australian market and go in the draw to WIN a 360Fly camera vailued at $689.