Android malware infiltrated the Google Play Store

Playstore Malware

Computer virus incidents cost companies, organizations as well as individuals billions of dollars every year. While antivirus technologies for detection and containment are attempting to keep pace, the threat is constantly evolving. The attack vector is no longer simply an infected executable on a external drive. Emails, websites, macro-enabled documents, instant messages, peer-to-peer networks, cell phones, and other interconnected systems are all potential entry points for a wide range of malware. By rough definition Malware is any software intentionally designed to cause damage to a computer device, server, client, or computer network. Malware does the damage after it is implanted or introduced in some way into a target’s computer and can take the form of executable code, scripts, active content, and other software.

Recently at least 100,000 people downloaded apps distributing MobSTSPY malware, which also leverages a phishing attack to steal account credentials from victims.

Example of phishing a SMS disguised as Amazon service message

Recently it has been discovered that several applications uploaded to Google Play for the intention of distributing malware! These malware apps include games, as well as more general-purpose applications including a like flashlights, utilities and emulators. These infected apps are initially uploaded to the store without active malicious code, only for the infrastructure for conducting attacks to be added at a later date. It could have been months later, after apps had been downloaded by large numbers of users! Usually Google enforce checks for new apps, but as updates are made to the app over time and they are proven not to be malicious from the offset, the level of checking is reduced and this is how users got affected.

Following installation, modern malware checks for the device’s network availability, before connecting to a control server collecting information about the device, including country, package name and manufacturer. Once initial connection has been established the actual attack (stealing data) can be postponed for weeks (sometimes months). A number of malicious activities can be conducted including stealing text messages, contact lists and a variety of files, such as audio/video recordings, and Viber, WhatsApp or WeChat data.

In addition to directly stealing files from the compromised Android device, malware “MobSTSPY” can gather additional credentials by conducting phishing attacks. The malware displays fake pop-ups from popular websites like Facebook and Google, asking the user to login to their account. The fake pop-up tells the user their login wasn’t successful and disappears, having achieved its goal of stealing their username and password.

It is also common apps like games to wait several weeks before start displaying variety of pop-ups. In case you may have seen your Android phone is extremely slow, or it pop-up bunch of sites while you are browsing we recommend you to locate and remove malicious apps as soon as possible.

Get Started Here

    form icon

    Tell us about your data loss