Bitdefender experts found 35 malware in the Google Play Store that distributed unwanted ads, and which users in total downloaded more than 2,000,000 times.
Let me remind you that we wrote that About 8% of apps in the Google Play Store are vulnerable to a bug in the Play Core library, and also that Mandrake malware was hiding on Google Play for more than four years.
The researchers say the apps followed the classic tactic of luring users in by pretending to perform some specialized function, then changing their name and icon after installation, making them harder to find and remove later. As a rule, the malware changes the icon to a gear and renames itself into Settings, but sometimes it looks like Motorola, Oppo and Samsung system applications.
After infiltrating the victim’s device, applications begin to display intrusive ads, abusing the WebView, and thereby generating ad revenue for their operators. Also, since these apps use their own ad loading framework, it is likely that additional malicious payloads could be delivered to the compromised device.
The detected malware uses several methods of disguise, including trying to receive updates as late as possible in order to more reliably disguise itself on the device. In addition, if the victim does find suspicious Settings and opens them, a malicious application with a size of 0 is launched to hide from human eyes. The malware then opens the actual settings menu to make the user think they are running a real app.
Analysts also note that the malware uses complex obfuscation and encryption to make reverse engineering difficult and hide the main payload in two encrypted DEX files.
The list of the most popular malicious applications (over 100,000 downloads) can be seen below. At the same time, it must be said that most of them have already been removed from the official Google store, but are still available in third-party app stores, including APKSOS, APKAIO, APKCombo, APKPure and APKsfull.
- Walls light – Wallpapers Pack (gb.packlivewalls.fournatewren);
- Big Emoji – Keyboard 5.0 (gb.blindthirty.funkeyfour);
- Grand Wallpapers – 3D Backdrops 2.0 (gb.convenientsoftfiftyreal.threeborder);
- Engine Wallpapers (gb.helectronsoftforty.comlivefour);
- Stock Wallpapers (gb.fiftysubstantiated.wallsfour);
- EffectMania – Photo Editor 2.0 (gb.actualfifty.sevenelegantvideo);
- Art Filter – Deep Photoeffect 2.0 (gb.crediblefifty.editconvincingeight);
- Fast Emoji Keyboard APK (de.eightylamocenko.editioneights);
- Create Sticker for Whatsapp 2.0 (gb.convincingmomentumeightyverified.realgamequicksix);
- Math Solver – Camera Helper 2.0 (gb.labcamerathirty.mathcamera);
- Photopix Effects – Art Filter 2.0 (gb.mega.sixtyeffectcameravideo);
- Led Theme – Colorful Keyboard 2.0 (gb.theme.twentythreetheme);
- Animated Sticker Master 1.0 (am.asm.master);
- Sleep Sounds 1.0 (com.voice.sleep.sounds);
- Personality Charging Show 1.0 (com.charging.show);
- Image Warp Camera;
- GPS Location Finder (smart.ggps.lockakt).