Nearly 30 malicious Android Apps have been found propagating malware through the Google Play Store. A wide range of application types with infections were identified:
- Image editing apps
- Virtual keyboards
- System tools and utilities
- Calling apps
- Wallpaper apps
- Camera apps
- Emoji sticker apps
Removal of these malicious apps can sometimes prove difficult, as they may hide their icon from the installed apps list or replace their icons to blend in. Several of these apps functioned as advertised on the Play Store and also performed malicious actions in the background.
Some of these apps request permissions to allow an adware infected app to draw over other apps, placing ads on top of other legitimate apps. One set of apps distribute Joker malware, which subscribes the user to paid mobile services without the user’s consent. Another set of apps included malware with the purpose of stealing Facebook accounts by presenting a legitimate Facebook login page but stealing the entered credentials. The final subset of these malicious apps prey on users by masquerading as dating apps, but instead trick the user into providing their phone number, or prompting the user to pay for fake “Premium Access” options to continue a chat.
Malicious apps have always existed in mobile app stores; threat actors are always changing tactics to evade detection. Users should exercise skepticism when downloading new apps, and restrict themselves to trusted, reputable sources. Organizations are recommended to deploy Mobile Device Management (MDM) and other monitoring solutions, in order to restrict threat actors from accessing corporate networks, credentials, and communications. Device users should be in trained in appropriate cybersecurity awareness techniques. One example is to pay close scrutiny to application requests for permissions. A virtual keyboard app, for example, should not require permission to access location data, cameras, microphones, and other unrelated functions. This is most likely an indicator of unwanted activity.