Malicious Utility Apps

Researchers discovered several optimizer, utility, booster apps in Google Playstore and download as many as 3,000 malware variants or malicious payloads to perform various malicious activities including ad fraud and other malicious activities.

Malicious apps on Google play are not new, Cybercriminals keep targeting Android users due to over-popularity.

The adware programs will tend to serve unwanted advertisements on your mobile phone and computer. The adware can be included with some apps in a legitimate way to generate revenue.

These apps communicate with the command and control server to download and install the malware and also push malicious ads on the customer’s device.

Malicious Utility Apps

These malicious utility apps that are supposed to speed-up & clean the Android devices found to be downloaded more than 470,000 times.

According to the Trend Micro report, the malicious apps campaign is active since 2017 and more than 3,000 malware variants were detected.

Malicious Utility Apps
Malicious Apps List

Once the apps get installed, it won’t show the app icons in the launcher and the attackers use the affected devices to post fake reviews and also for clicking the ads pop up.

These apps claim to provide features such as speed clean & VPN to boost the device performance and anonymity, but after installation, they use to pop-up the ads only.

Researchers also observed that malicious apps are capable of launching ” a transparent activity background to hide malicious content from the user.”

Also, these apps once installed on the device connect with a remote server and registers the new malicious device.

These apps are also capable of uses accessibility functions to log in users with other apps by using their Google and Facebook accounts.

The campaign primarily targets the following countries including Japan, Taiwan, the United States, India, and Thailand and Chinese users are excluded.

Here You can find the list of apps, now the apps have been removed from the Google Play.

App NamePackageNo. of Installs
Shoot Clean-Junk Cleaner,Phone Booster,CPU Coolercom.boost.cpu.shootcleaner10,000+
Super Clean Lite- Booster, Clean&CPU Coolercom.boost.superclean.cpucool.lite50,000+
Super Clean-Phone Booster,Junk Cleaner&CPU Coolercom.booster.supercleaner100,000+
Quick Games-H5 Game Centercom.h5games.center.quickgames100,000+
Rocket Cleanercom.party.rocketcleaner100,000+
Rocket Cleaner Litecom.party.rocketcleaner.lite10,000+
Speed Clean-Phone Booster,Junk Cleaner&App Managercom.party.speedclean100,000+
LinkWorldVPNcom.linkworld.fast.free.vpn1,000+
H5 gameboxcom.games.h5gamebox1,000+

Indicators of Compromise

SHA256:

1e3f19dcfb23b8e04a88f87c3e4df67eba25b8012f1233295b60355b7545f5d4

1e3f19dcfb23b8e04a88f87c3e4df67eba25b8012f1233295b60355b7545f5d4

c91327f7e48ca64c829c29e6bcb30451dab6c9d32386048165702df3a728c173

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates

Also Read

Faketoken – Android Banking Malware Top-up Infected Mobile Devices to send Offensive SMS Messages

Leave a Reply