
Malicious apps now post their own positive reviews on Google Play

The assault on Google’s Play Store continues with the disclosure of 30 malicious apps that have been downloaded hundreds of millions of times and whose capabilities have led security firms to suggest that end users take extraordinary steps to vet software prior to downloading.

VPNpro and Trend Micro made public 24 and four apps, respectively, that are capable of either downloading further malware or conducting ad fraud, and that in some cases can post fake information to the Play Store to make themselves appear more desirable.

The apps found by Trend Micro, detected as AndroidOS_BadBooster.HRX, have the ability to inject 3,000 different types of malware and perform ad fraud on a targeted device. The apps, which have been downloaded 470,000 times, pose as performance and productivity tools and hide in plain sight by not appearing either on the desktop or in the application list. When in ad fraud mode, the malware not only posts ads to the mobile device but also clicks on them to generate income for the advertiser.

Another interesting and dangerous aspect of these four apps is that they can post positive reviews to Google Play in order to appear more legitimate to their potential victims. To counter this, Trend Micro recommends that end users first scrutinize an app from several different angles prior to downloading.

“Despite the slew of positive reviews, it does leave some red flags — even though different users left positive reviews, the comments they leave contain the same, exact text: ‘Great, works fast and good.’ They also gave the app the same four-star rating,” the report stated.
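The red flag the report describes, different accounts leaving the same text with the same rating, can be checked mechanically. The sketch below is an added example, not code from Trend Micro or the original article; the review tuples, function names and the three-author threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample reviews (author, stars, text); not real Play Store data.
SAMPLE_REVIEWS = [
    ("user_a", 4, "Great, works fast and good."),
    ("user_b", 4, "great, works fast and good"),
    ("user_c", 4, "Great,  works fast and good!"),
    ("user_d", 4, "Great, works fast and good."),
    ("user_e", 2, "Drains my battery and the icon disappeared after install."),
    ("user_f", 5, "Cleaned up some space, does what it says."),
    ("user_a", 4, "Great, works fast and good."),  # same author posting twice
]

def normalize(text):
    """Lower-case, drop punctuation and collapse whitespace so trivial edits still match."""
    return " ".join(re.sub(r"[^a-z0-9\s]", " ", text.lower()).split())

def duplicate_review_clusters(reviews, min_authors=3):
    """Return review texts posted by at least min_authors distinct accounts."""
    groups = defaultdict(lambda: {"authors": set(), "stars": []})
    for author, stars, text in reviews:
        group = groups[normalize(text)]
        if author not in group["authors"]:  # count each account once per text
            group["authors"].add(author)
            group["stars"].append(stars)
    total_authors = len({author for author, _, _ in reviews})
    clusters = []
    for text, group in groups.items():
        count = len(group["authors"])
        if count >= min_authors:
            clusters.append({
                "text": text,
                "authors": count,
                # Identical star rating across the cluster is the second signal.
                "same_rating": len(set(group["stars"])) == 1,
                # Fraction of all reviewers who posted this exact text.
                "share": round(count / total_authors, 2),
            })
    return sorted(clusters, key=lambda c: c["authors"], reverse=True)

if __name__ == "__main__":
    for cluster in duplicate_review_clusters(SAMPLE_REVIEWS):
        print(cluster)
```

A large cluster with `same_rating` set is a reason to look more closely at an app, not proof of fraud, since short generic praise also occurs organically.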

These apps became available in 2017, but were taken down by Google when it was inform

Another solid practice suggested by VPNpro is for customers to simply question whether an app they are thinking about getting, or one that is already on their device, is really needed, and if not, to either delete it or opt not to download it in the first place.

This practice can help a person avoid being stuck with the apps uncovered by Trend Micro or the 24 malicious VPN apps found by VPNpro.

These apps were all made by the Chinese firm Shenzhen HAWK Internet, a subsidiary of TCL Corp., a large consumer electronics firm that owns the licenses to dozens of well-known brands like Alcatel, BlackBerry, and RCA.

The apps have been downloaded a combined 384 million times, VPNpro reported. These apps perform a wide variety of dangerous tasks, from scraping information and sending it to a server in China, to serving ads and asking for a very large number of permissions such as the ability to make calls, take photos and record video.

Unlike with the apps found by Trend Micro, these are still available in the Play Store.
