Google killed 700,000 malicious apps in the Play Store in 2017

If it seems like every day there is news of a malicious Android app being removed from the Google Play Store, your assumption is actually wrong.

It’s closer to 2,000 apps per day.

Hundreds of malicious apps are showing up on the Google Play Store, disguised as legitimate applications. These malicious apps are carrying malware known as Dresscode, which is designed to infiltrate networks and steal data. Dresscode can also threaten home networks: if a device infected with Dresscode comes in contact with a network where the router has a weak password, it can crack the password and then infect other devices on the network, including IoT-connected home devices.

Most apps containing malware that appear on the Play Store offer fun, useful, and sometimes insidious features. These include emoji keyboard additions, space cleaners, calculators, app lockers, and call recorders. Once the app is installed, it takes various measures to stay on the device, disappear, and erase its tracks.

All of these apps have the same set of tricks designed to take advantage of the device user, including:

1) Waiting before undertaking the scam.

The malware is configured to wait for four hours before launching its malicious activity, so as not to arouse user suspicion straight away. If the user isn’t tipped off right after app installation, they’re less likely to attribute strange behavior to the true culprit.

2) Requesting admin privileges.

The app is looking to raise the barrier for its uninstallation and is usurping trusted branding to pull it off. The app uses the Google Play icon when requesting device administrator privileges.

3) Keeping the victim in the dark.

The app has the ability to change its launcher icon and its “running apps” icon in the system settings once installed. Again, it uses well-known and trusted icons—specifically that of Google Play and Google Maps—to allay suspicion.

4) Delivering content to the device for profit.

It should be noted that this is highly configurable and extensible. Currently, ads are pushed to the phone via Google Mobile Services, and URLs are launched in web views that redirect to “you won”-style scam pages.

Mitigation

Stay protected from mobile malware by taking these precautions:

1- Keep your software up to date.
2- Do not download apps from unfamiliar sites.
3- Only install apps from trusted sources.
4- Pay close attention to the permissions requested by apps.
5- Install a suitable mobile security app to protect your device and data.
6- Make frequent backups of important data.
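
One way to check a decoded AndroidManifest.xml for two of the tricks listed above (the device administrator request and the swappable launcher icon), shown as an added example that is not from the original article or its sources. The sample manifest, package name and component names are constructed, and treating several launcher entries with different icons as the icon-swap mechanism is an assumption, since the article does not say how the icon is changed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
LAUNCH = ('<intent-filter><action android:name="android.intent.action.MAIN"/>'
          '<category android:name="android.intent.category.LAUNCHER"/></intent-filter>')

# Constructed sample: decoded manifest of a hypothetical "emoji keyboard" app.
SAMPLE_MANIFEST = f"""
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.emojikeys">
  <application android:icon="@drawable/ic_emoji" android:label="Emoji Keys">
    <activity android:name=".Main" android:icon="@drawable/ic_emoji">{LAUNCH}</activity>
    <activity-alias android:name=".Store" android:targetActivity=".Main"
                    android:icon="@drawable/ic_play" android:enabled="false">{LAUNCH}
    </activity-alias>
    <receiver android:name=".Admin"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

def is_launcher(component):
    """True if the component has an intent filter in the LAUNCHER category."""
    cats = [c.get(ANDROID + "name") for c in component.iter("category")]
    return "android.intent.category.LAUNCHER" in cats

def triage(manifest_xml):
    """Return (finding, component names) pairs for the two manifest-visible tricks."""
    app = ET.fromstring(manifest_xml).find("application")
    findings = []
    # Trick 2: a receiver guarded by BIND_DEVICE_ADMIN means the app can ask
    # the user for device administrator rights, which blocks normal uninstall.
    for r in app.findall("receiver"):
        if r.get(ANDROID + "permission") == "android.permission.BIND_DEVICE_ADMIN":
            findings.append(("device-admin", r.get(ANDROID + "name")))
    # Trick 3 (heuristic, assumed mechanism): more than one launcher entry with
    # different icons lets the app switch which icon the home screen shows.
    launchers = [c for tag in ("activity", "activity-alias")
                 for c in app.findall(tag) if is_launcher(c)]
    icons = {c.get(ANDROID + "icon") for c in launchers}
    if len(launchers) > 1 and len(icons) > 1:
        names = ",".join(c.get(ANDROID + "name") for c in launchers)
        findings.append(("swappable-launcher-icon", names))
    return findings

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_MANIFEST):
        print(kind, detail)
```

The manifest inside an APK is binary XML, so it has to be decoded to text first (for example with apktool) before this check can read it. Neither finding proves malice on its own; both are reasons to look harder at an app whose advertised function needs neither.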

 


 

2018-07-17T22:52:52+00:00