
Sneaky tactics lead to millions of malware-laden Android app downloads

The apps used a new workaround to skirt Google’s security testing.
Marc DeAngelis
09.26.19

Reports of malware-laden Android apps with millions of downloads are becoming a monthly occurrence. Google recently removed 25 more apps from the Play Store after Symantec discovered that they shared similar malicious code structure. These apps, which seemed like benign photo and fashion apps, were downloaded by users over 2.1 million times.

Once a user downloads the app, the executed code hides its icon and displays full-screen ads (which is similar to an issue discovered last month). The ads do not indicate which app is triggering them, and they're displayed even when the malicious app is closed, so users have no way of knowing which one to delete. Symantec cites monetary gain from ad revenue as the likely motivation behind the malware tactics.

Given the similarity between the apps, Symantec believes that they may have been created by one organization. The app listings on the Play Store are also pretty sneaky: the organization publishes two versions of the same app, one being a benign version and another being the malware version. The unaffected version may rank in top charts or the trending category, but when users manually search for the app, they have a 50-50 chance of downloading the ad-triggering variant.

Where this wave differs from previous batches of malware is in how the app icons are hidden. The programming that conceals the apps isn't hard-coded. Instead, a remote switch is built into the configuration files, which means that Google's security testing doesn't catch that aspect of the code.

Symantec and other security firms are frequently discovering new malware practices on the Play Store, which raises the question of how proactive Google is being. It could very well be the case that Google has effective security practices in place, but apps like these keep falling through the cracks. Even if that is the case, additional measures are needed to better protect Android users from malware and adware.
