Info-tech

Google has banned 11 apps from Play Store for containing hidden malware: Report

Hemani Sheth Mumbai | Updated on July 10, 2020 Published on July 10, 2020

Google has banned from its Play Store 11 apps for injecting malware into users’ phones, according to reports.

A new variant of popular malware Joker had been discovered by researchers at cybersecurity firm Check Point. The malware had been hiding from security checks by hiding in apps that seemed legitimate.

“Check Point’s researchers recently discovered a new variant of the Joker Dropper and Premium Dialer spyware in Google Play. Hiding in seemingly legitimate applications, we found that this updated version of Joker was able to download additional malware to the device, which subscribes the user to premium services without their knowledge or consent,” Check Point said in its report.

Joker is one of the most frequently encountered malware for Android and has made its way to apps on Google Play Store in the past.

Google in January had said that it had removed over 1,700 apps that contained the malware Bread, also known as Joker.

Alec Guertin and Vadim Kotov, who belong to the Android Security & Privacy Team, had explained in a blog post that Google’s security team had been tracking the malware since 2017. It was initially used for SMS fraud. However, due to updated security checks, the malware had been altered for billing fraud.

“As the Play Store has introduced new policies and Google Play Protect has scaled defences, Bread apps were forced to continually iterate to search for gaps. They have at some point used just about every cloaking and obfuscation technique under the sun in an attempt to go undetected. Many of these samples appear to be designed specifically to attempt to slip into the Play Store undetected and are not seen elsewhere,” the blog read.

“Google Play Protect detected and removed 1.7k unique Bread apps from the Play Store before ever being downloaded by users. Bread apps originally performed SMS fraud, but have largely abandoned this for WAP billing following the introduction of new Play policies restricting use of the SEND_SMS permission and increased coverage by Google Play Protect,” it said.

Old technique

The new variant has adopted an old old technique from malware used for infecting PCs, according to the Check Point research report. The malware subscribes users to premium services without them knowing about it or consenting to it.

“Joker utilised two main components – the Notification Listener service that is part of the original application, and a dynamic dex file loaded from the C&C server to perform the registration of the user to the services,” the report read.

It listed 11 apps found on Google Play that contained the malware. These apps include:

com.imagecompress.android

com.contact.withme.texts

com.hmvoice.friendsms

com.relax.relaxation.androidsms

com.cheery.message.sendsms (two different instances)

com.peason.lovinglovemessage

com.file.recovefiles

com.LPlocker.lockapps

com.remindme.alram

com.training.memorygame

Check Point suggests uninstalling these applications from a user device to prevent future threats. It also suggests that users check their mobile and credit-card bills to detect any unknown subscriptions. User can also install trusted cybersecurity solutions to prevent such attacks.

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

Published on July 10, 2020
This article is closed for comments.
Please Email the Editor