Android Malware on Google Play

Several malicious Android apps in the Google Play Store have been found to contain viruses, adware, and other malware that will infect the device.

These malicious applications have already been downloaded more than 10 million times on mobile devices as part of this campaign.

The apps present themselves as:

  • Image-editing tools
  • Virtual keyboards
  • System optimizers
  • Wallpaper changers

The underlying functionality of these malicious applications can be summarized as follows:

  • Pushing intrusive ads
  • Subscribing users to premium subscription services
  • Stealing victims' social media accounts

The Dr. Web antivirus team discovered these malicious apps as part of their ongoing research and analysis. A large number of the reported malicious applications that were present on the Google Play Store have recently been removed by Google.

Malicious Android Apps

The following is a list of the applications carrying these trojans:

  • Photo Editor: Beauty Filter (gb.artfilter.tenvarnist)
  • Photo Editor: Retouch & Cutout (de.nineergysh.quickarttwo)
  • Photo Editor: Art Filters (gb.painnt.moonlightingnine)
  • Photo Editor – Design Maker (gb.twentynine.redaktoridea)
  • Photo Editor & Background Eraser (de.photoground.twentysixshot)
  • Photo & Exif Editor (de.xnano.photoexifeditornine)
  • Photo Editor – Filters Effects (de.hitopgop.sixtyeightgx)
  • Photo Filters & Effects (de.sixtyonecollice.cameraroll)
  • Photo Editor : Blur Image (de.instgang.fiftyggfife)
  • Photo Editor : Cut, Paste (de.fiftyninecamera.rollredactor)
  • Emoji Keyboard: Stickers & GIF (gb.crazykey.sevenboard)
  • Neon Theme Keyboard (com.neonthemekeyboard.app)
  • Neon Theme – Android Keyboard (com.androidneonkeyboard.app)
  • Cashe Cleaner (com.cachecleanereasytool.app)
  • Fancy Charging (com.fancyanimatedbattery.app)
  • FastCleaner: Cashe Cleaner (com.fastcleanercashecleaner.app)
  • Call Skins – Caller Themes (com.rockskinthemes.app)
  • Funny Caller (com.funnycallercustomtheme.app)
  • CallMe Phone Themes (com.callercallwallpaper.app)
  • InCall: Contact Background (com.mycallcustomcallscrean.app)
  • MyCall – Call Personalization (com.mycallcallpersonalization.app)
  • Caller Theme (com.caller.theme.slow)
  • Caller Theme (com.callertheme.firstref)
  • Funny Wallpapers – Live Screen (com.funnywallpapaerslive.app)
  • 4K Wallpapers Auto Changer (de.andromo.ssfiftylivesixcc)
  • NewScrean: 4D Wallpapers (com.newscrean4dwallpapers.app)
  • Stock Wallpapers & Backgrounds (de.stockeighty.onewallpapers)
  • Notes – reminders and lists (com.notesreminderslists.app)

Dr. Web found that several of these adware families are modifications of existing adware applications. These malware families first emerged on the Google Play Store in May 2022.

When installed, the apps ask for permission to overlay windows on top of any other app on the device. Additionally, they can add themselves to the exclusion list of battery saver mode.

As a result, the malware can continue to run in the background even if the victim closes the app. Moreover, the apps can disguise their icons as a core system component or hide them from the app drawer.
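A triage check for the behaviour described above, as an added example that is not from Dr. Web or the original article: it flags installed packages whose names are on the list above or that request both the overlay permission and the battery-optimization exemption. The sample input is constructed and only modeled on `adb shell dumpsys package` output, the `org.example.*` names are hypothetical, and mapping the article's "battery saver exclusion" to `REQUEST_IGNORE_BATTERY_OPTIMIZATIONS` is an assumption.

```python
import re

# Subset of the package names listed in the article above; extend with the full list.
LISTED = {"com.neonthemekeyboard.app", "com.cachecleanereasytool.app"}
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"  # draw over other apps
# Assumed to be the permission behind the battery saver exclusion request.
BATTERY = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"

# Constructed sample, modeled on the layout of `adb shell dumpsys package` output.
SAMPLE = """\
  Package [com.neonthemekeyboard.app] (1a2b3c):
    requested permissions:
      android.permission.INTERNET
      android.permission.SYSTEM_ALERT_WINDOW
      android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
    install permissions:
      android.permission.INTERNET: granted=true
  Package [org.example.flashlight] (4d5e6f):
    requested permissions:
      android.permission.SYSTEM_ALERT_WINDOW
      android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS: restricted=true
  Package [org.example.notes] (778899):
    requested permissions:
      android.permission.INTERNET
"""

def requested_permissions(dump):
    """Map package name -> set of permissions in its 'requested permissions' block."""
    perms, pkg, in_block = {}, None, False
    for line in dump.splitlines():
        text = line.strip()
        m = re.match(r"Package \[([^\]]+)\]", text)
        if m:
            pkg, in_block = m.group(1), False
            perms[pkg] = set()
        elif text.endswith(":"):  # section header: only one of them opens the block
            in_block = text == "requested permissions:"
        elif in_block and pkg:
            perms[pkg].add(text.split(":")[0])  # drop suffixes such as ": restricted=true"
    return perms

def triage(dump):
    """Return {package: reasons} for listed names or the overlay + exemption pair."""
    findings = {}
    for pkg, p in requested_permissions(dump).items():
        reasons = ["listed package name"] if pkg in LISTED else []
        if {OVERLAY, BATTERY} <= p:
            reasons.append("overlay + battery exemption")
        if reasons:
            findings[pkg] = reasons
    return findings
```

Legitimate apps can also request this permission pair, so a permission-only hit is a prompt for manual review rather than a verdict.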

Recommendations

Apart from this, to detect suspicious background processes, Play Protect monitors the internet data and battery consumption of your device on a regular basis.

We have listed below the security recommendations that we think are imperative to follow to prevent this from happening:

  • Be sure to check the reviews and ratings of users before making any decisions.
  • If you would like to learn more about the developer, make sure to visit their website.
  • You should always read the privacy policies before making any decisions.
  • During the installation process, you should pay attention to the permissions that are requested.
  • Always use robust security tools.
  • Make sure to enable 2FA.


Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.