Affiliate links on Android Authority may earn us a commission. Learn more.
Malicious apps reinfest Play Store after name change
- At least seven malicious apps are said to have reappeared in the Play Store after being previously removed.
- The apps apparently had different names and publishers, but the same code.
- The apps in question used trusted icons to request permissions, before pushing ads to the device.
At least seven malicious apps that had previously been removed from Google Play are said to have reappeared under different names. Researchers at Symantec found that the apps had been reuploaded to Google Play by different publishers, but that the malware code contained in them was the same.
The malware in question was a trojan first discovered in February 2014 called Android.Reputation.1.
According to Symantec, the malicious apps took the form of “emoji keyboard additions, space cleaners, calculators, app lockers, and call recorders.” However, they did not perform their advertised function. Instead, the apps would attempt to hide after being installed, before trying to take advantage of the user’s device.
The apps would take several steps to avoid detection and uninstallation by the user and Google’s security systems, including lying dormant for some time before beginning malicious activities, using trusted icons such as the Google Play icon, changing the launcher and running apps icons, and requesting admin privileges.
All of these steps could also make it more difficult for unsuspecting users to know exactly what was going on. The apps would then create profit for the developers by pushing ads to the device using Google Mobile Services. This included scam pages that told users they had won a prize.
While the malware was found in at least seven apps, it’s not clear how many times the apps were installed or how many users the apps affected. Symantec also doesn’t outline what has become of the apps — presumably, they have been removed once more.
Downloading apps from Google Play is generally safe. Google employs measures to scan apps for malicious activities and it says that in 2017 the number of infected apps that made it into the Play Store was greatly reduced when compared to 2016.
However, there’s always a chance that apps will make it into the store and, potentially, onto your device. To combat this, you should only install apps from trusted sources, pay close attention to the permissions requested, and keep your software up to date.