Jump to content
  • Android malware apps with 2 million installs spotted on Google Play

    alf9872000

    • 286 views
    • 3 minutes
     Share


    • 286 views
    • 3 minutes

    A new set of Android malware, phishing, and adware apps have infiltrated the Google Play store, tricking over two million people into installing them.

     

    The apps were discovered by Dr. Web antivirus and pretend to be useful utilities and system optimizers but, in reality, are the sources of performance hiccups, ads, and user experience degradation.

     

    One app illustrated by Dr. Web that has amassed one million downloads is TubeBox, which remains available on Google Play at the time of writing this.

     

    tube-app.jpg

    TubeBox on Google Play (BleepingComputer)

     

    TubeBox promises monetary rewards for watching videos and ads on the app but never delivers on its promises, presenting various errors when trying to redeem the collected rewards.

     

    tubebox-scam.png

    TubeBox app screens (Dr. Web)

     

    Even users who get to complete the final withdrawal step never really receive the funds, as the researchers say it’s all a trick to try and keep them on the app for as long as possible, watching ads and generating revenue for the developers.

     

    Other adware apps that appeared on Google Play in October 2022 but have since been removed are:

    • Bluetooth device auto connect (bt autoconnect group) – 1,000,000 downloads
    • Bluetooth & Wi-Fi & USB driver (simple things for everyone) – 100,000 downloads
    • Volume, Music Equalizer (bt autoconnect group) – 50,000 downloads
    • Fast Cleaner & Cooling Master (Hippo VPN LLC) – 500 downloads

     

    adware-apps.png

    Adware apps on Google Play (Dr. Web)

     

    The above apps receive commands from Firebase Cloud Messaging and load the websites specified in these commands, generating fraudulent ad impressions on the infected devices.

     

    In the case of Fast Cleaner & Cooling Master, which had a low download volume, the remote operators could also configure an infected device to act as a proxy server. This proxy server would allow the threat actors to channel their own traffic through the infected device.

     

    Finally, Dr. Web discovered a set of loan scam apps claiming to have a direct relationship with Russian banks and investment groups, each having an average of 10,000 downloads on Google Play.

     

    russian-apps.png

    Investment scam apps targeting Russian users (Dr. Web)

     

    These apps were promoted via malvertizing through other apps, promising guaranteed investment profits. In reality, the apps take the users to phishing sites where their personal information is collected.

     

    To protect yourself from fraudulent apps on Google Play, always check for negative reviews, scrutinize the privacy policy, and visit the developer’s site to evaluate its authenticity.

     

    In general, try to keep the number of installed apps on your device at a minimum and periodically check and ensure that Google's Play Protect feature is active.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...