Google Pulls 22 New Malicious Android Apps From Play Store

It's not a good time to be an Android user who frequents the Google Play Store for apps. Just over the last few weeks, malware-laden apps that had been downloaded over half a million times were found on the Play Store. Apps from Cheetah Mobile were also found to be committing click fraud and running down the batteries inside user devices. Reports are now surfacing that Google has pulled another batch of 22 apps from the Google Play Store that had been downloaded over 2 million times cumulatively.


The newest apps discovered to be malicious had a so-called "device-draining backdoor" that allowed them to download files from a server controlled by the attacker. The most disturbing part is that the Sophos report detailing the malicious apps notes that an app called Sparkle Flashlight and two other apps were updated to include the secret downloader towards the start of 2018. That seemingly means the apps were fine initially and were later updated with malicious code. The other apps in the group had the malicious downloader installed from the start.

The purpose of these malicious apps was similar to that of the malicious apps from Cheetah Mobile in that they were all designed to click on ads fraudulently. Sophos called the family of 22 apps "Andr/Clickr-ad" and noted that the apps would automatically start and run even if the user force-closed them. The functions in the apps caused them to consume lots of bandwidth and drain device batteries. The apps were essentially defrauding advertisers by giving a false impression that their ads were clicked. Most interestingly, the fraudulent clicks were made to look as if they were coming from iPhones.

The reason that the fraudsters disguised the clicks is thought to be that iPhone clicks paid higher prices than those from Android devices. iPhone users are believed to be a more lucrative demographic for advertisers. Yet again, these apps weren't pulled until a major report was published that outlined their nefarious activities, but Google did act quickly once it was told of the malicious apps.


Via:  Sophos