Android Malware

A new set of malware, phishing and adware Android apps has infiltrated the Google Play store, tricking over two million people into installing them.

The apps were discovered by Dr. Web antivirus. They pretend to be useful utilities and system optimizers but are, in reality, sources of performance issues, advertisements and a degraded user experience.

One app highlighted by Dr. Web that has amassed a million downloads is TubeBox, which remains available on Google Play at the time of this writing.

Tube Box on Google Play (Computer Beep)

TubeBox promises monetary rewards for watching videos and ads on the app, but never delivers on the promises, exhibiting various errors while trying to redeem the collected rewards.

TubeBox app screens (Dr Web)

Even users who manage to complete the final withdrawal step never actually receive the funds, as researchers say it’s a trick to try to keep them on the app for as long as possible, watching ads and generating revenue for developers.

Other adware apps that appeared on Google Play in October 2022 but have since been removed are:

  • Automatic Bluetooth device connection (bt autoconnect group) – 1,000,000 downloads
  • Bluetooth & Wi-Fi & USB driver (simple things for everyone) – 100,000 downloads
  • Volume, music equalizer (bt autoconnect group) – 50,000 downloads
  • Fast Cleaner and Cooling Master (Hippo VPN LLC) – 500 downloads
Adware apps on Google Play (Dr Web)

The above applications receive commands from Firebase Cloud Messaging and load the websites specified in those commands, generating fraudulent ad impressions on infected devices.

In the case of Fast Cleaner & Cooling Master, which had a low download volume, remote operators could also configure an infected device to act as a proxy server. This proxy server would allow hackers to funnel their own traffic through the infected device.

Finally, Dr. Web discovered a set of loan scam apps claiming to have a direct relationship with Russian banks and investment groups, each with an average of 10,000 downloads on Google Play.

Investment scam apps targeting Russian users (Dr Web)

These apps were promoted via malicious advertising through other apps, promising guaranteed investment profits. In reality, the apps take users to phishing sites where their personal information is collected.

To protect yourself from scam apps on Google Play, always check negative reviews, carefully review the privacy policy, and visit the developer’s site to assess its authenticity.

In general, try to keep the number of apps installed on your device to a minimum and periodically check and ensure that Google’s Play Protect feature is active.
