Two new batches of malicious apps have been found on the Google Play store with one group possibly having been downloaded hundreds of millions of times and the other having the ability to dodge Google vetting system.
Sophos and Bitdefender have each reported the apps they discovered used well-worn tricks, including actually working, in order to trick people into downloading and using the software. This can lead to monetary losses and privacy disclosure.
Bitdefender found 17 malicious apps that deliver adware using several methods to fool Google’s app vetting process to gain a foothold in the Play store. The primary method is that once installed the app hides its icon and goes silent for 48 hours. Its code is also split into two des files, which Bitdefender said makes it hard for security researchers to “grasp the logic of the app.” Another technique is to manipulate the broadcast receiver for android.intent.action.USER_PRESENT to display ads only after 4 hours following installation.
Another bit of camouflage is the app comes with game related .so files, used to speed up graphics on a mobile device, and Bitdefender believes these are included to make the app look like a regular mobile game whereas the .so file actually delivers ads.
Sophos found 25 apps it describes as “fleeceware” that if their public download numbers are correct, and that is an arguable point says Sophos, may be installed on about 600 million devices. While there is potentially some malware at play with these apps, the real issue is they use deceptive advertising and reviews to entice people.
The basic danger with the fleeceware apps in question is they offer a free trial period but then start charging the required credit card an exorbitant fee and it is very difficult to stop making payments.
In another case a keyboard app is allegedly a keylogger and transmits each keystroke to a server in China, Sophos wrote.
Sophos found similar apps on Google Play last fall and worked with the search giant to have them removed.