At least 38 applications were removed from Google’s Play Store for containing malware. The developers of these apps were able to get their apps on to the Play Store’s by disabling malicious adware functions inside the source code.
The discovery was made by White Ops, they then reported their findings to Google.
What they found
These applications were all beauty and image filtering applications. After being installed they would bombard the user with ads and web browser redirects. They would also make it difficult for the user to remove these apps.
“The specific fraud these apps commit is:
Out-of-Context (OOC) Ads: Rendering OOC ads including native and interstitial, from major ad-networks.
Out-of-Context Navigation: Launching out-of-context navigation intents to URLs received from the command and control server (C2).
Removal of App Icon: Remove the app icon from the device’s home and apps folder, to make it difficult for the user to uninstall the app.
We associated 38 apps with this threat, all of which have been taken down by the Play Store.White Ops.
These applications are usually found by Google and are removed, never spending more than a week on the Play Store. White Ops however found 17 more applications that were downloaded over half a million times.
After being removed the creators of these apps would delete the malicious code in order to be readmitted. They would then add back the malware code in an update. White Ops found out that they used Arabic characters in place of English in the source code for the updates tricking the Play Store.
What has Google done?
Google has removed all the apps from the Play Store. Google will also increase scrutiny on apps going forward.
Although they have removed the applications it’s always good to be cautious when installing apps. It’s always good to look more information on an app. One may never know what they are installing on to their device. Some apps require far too many permissions and could end up harvesting data from the user. Others could be mimicking well known apps.
Developers who create these kinds of apps will find new ways of getting malware into seemingly benign apps. The battle is ongoing and the means ever-changing.