More apps have been taken down from the Google Play Store after they were found to be hiding malware. This time, the apps were disguised as fashion and photo utility apps.
Android Apps Malware
Cybersecurity firm Symantec researchers announced that they found over two dozen Android apps hiding malware. Specifically, 25 Android Package Kits (APKs) disguised as a photo or fashion app from 22 different publishers were found to contain malware that pushed advertisements to the users’ devices, sometimes even after the app has been closed.
Once downloaded, users can still see the app icons but they do not know that in the background a request is already being made to download a remote configuration file. Once the configuration file is downloaded, the malware then extracts and applies the settings and soon, the app icon is hidden and the malware begins to display disruptive advertisements that often cover the full screen.
Since the advertisements are not displayed within the app, the users will not know which app had caused it. What’s more, they may not even consider uninstalling the app because they cannot see the icon anymore.
Similar Source Code
What’s interesting is that even if the apps were published by different developers, their codes and app structures were rather similar, which could mean that they all came from a single organized group or perhaps using the same source code.
Further, the researchers found that the developer of one of the affected apps, Burnerfock, released two of the same app, with one being a proper top trending app and the other an identical, malware-infected copy. As such, they believe that the developer deliberately created them so that users may mistake the malware app for the trending app and download it instead.
As with most malware or adware attacks, the perpetrators do it for monetary gain. The apps have been downloaded a combined total of over 2.1 million times, and all of them have been removed from the Play Store after the firm reported the findings to Google last Sept. 2.