
Cybersecurity Researchers Find 35 Malware-injected Apps on Google Play

Bitdefender shared a report on malware-injected apps being promoted to Android users via Google Play Store. The report highlights 35 apps with over 100,000 downloads.

  • Published August 23, 2022

Cybersecurity researchers found 35 malicious apps on Google Play Store with over 100,000 downloads by millions of Android users. Bitdefender shared its report on these apps and recommended that users who have downloaded any of them uninstall them immediately.

Though Google Play Store has several protection layers for grading apps as “safe to use,” a batch of apps sometimes bypasses the grading feature. The developers of these apps try different methods to inject malware into the apps and host them on the Play Store.

The cybersecurity company Bitdefender shared a ground-breaking report about 35 malware-injected apps running freely on the platform and issued a warning to users who downloaded these apps.

Bitdefender explains malware-injected apps

On August 17, 2022, the cybersecurity company shared a detailed post about a malware campaign led by an unknown TA (Threat Actor). The report stated, “Numerous apps use false pretexts to lure victims into installing them, only to change their name and aggressively serve ads afterwards.” The company identified 35 applications that have made their way into Google Play Store, averaging over two million downloads.

The apps hid their true intent by renaming themselves after installation, and even their icons changed so that the users could not find them again. As per Bitdefender, the app starts serving aggressive ads that link directly to the malware.

Though many Google Play apps show ads to users, these malware-infected apps use their own framework to serve malware without letting the users know. Sometimes, if the user wishes to delete the app after installation, it changes its name and icon and even conceals its presence on the target device.

Bitdefender identifies the malicious apps using a new real-time behavioral technology. The company also said the recent detections are instantly shared with Bitdefender Mobile Security users.

List of malware-injected apps

The developers behind the malware-injected applications added heavy code obfuscation and encryption, making the reverse engineering process difficult. However, Bitdefender found the apps that were using these obscuring methods to hide inside the OS: apps claiming to be ‘Settings,’ ‘GPS,’ and other essential pieces of software on the device. These apps also used an interesting technique that keeps them from showing in the recently used apps.

The report also stated that all the publisher accounts uploaded only one app, and the emails and websites associated with the malicious applications look identical. Additionally, the malware-injected apps were packed using the same patterns and a similar naming style. Based on these findings, Bitdefender stated that “all of these apps are the work of a single group or even developer.”

Here is a list of malware-injected apps running freely on the Google Play Store. The cybersecurity firm has advised removing these apps as soon as possible because they can spread malware into users’ devices after installation.

[Image: malware-injected apps]

Malware on Android

Following the report, Bitdefender published a list of recommendations to fight against hackers and malware-injected apps. It explains that just because an app is available on Google Play Store doesn’t mean it will be okay to use.

  • Avoid installing apps that you don’t really need.
  • Uninstall apps that you no longer use.
  • Avoid apps with many downloads but fewer or no reviews on the Google Play Store.
  • Check if the downloaded app is seeking special permissions such as drawing over other apps or access to ‘Accessibility’.
  • Avoid apps that request redundant permissions not required by the app's functionality.
  • Run a security check in the background to check for malicious behavior.
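
The permission checks recommended above, together with the hiding behaviours described earlier, can be triaged from an app's decoded manifest. The following is an added example, not code from Bitdefender or from this article: the sample manifest and package name are constructed, labels are assumed to be literal strings rather than resource references, and mapping the article's "hidden from recent apps" and "name and icon change" behaviours to `android:excludeFromRecents` and a launcher `activity-alias` is an assumption. Each finding is a signal for closer review, not proof of malice.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
LAUNCHER = "android.intent.category.LAUNCHER"
SYSTEM_LABELS = {"settings", "gps"}  # names the article says the apps posed as

# Constructed sample manifest for a hypothetical package (not from the report).
LAUNCH = ('<intent-filter><action android:name="android.intent.action.MAIN"/>'
          '<category android:name="android.intent.category.LAUNCHER"/></intent-filter>')
SAMPLE = f"""<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.gpsfinder">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="GPS Location Finder">
    <activity android:name=".Main" android:excludeFromRecents="true">{LAUNCH}</activity>
    <activity-alias android:name=".Alias" android:targetActivity=".Main"
        android:label="Settings" android:enabled="false">{LAUNCH}</activity-alias>
    <service android:name=".Svc"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

def triage(manifest_xml):
    """Return a sorted list of review signals found in one decoded manifest."""
    root = ET.fromstring(manifest_xml)
    findings = set()
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    if "android.permission.SYSTEM_ALERT_WINDOW" in perms:
        findings.add("draw-over-apps")
    for svc in root.iter("service"):
        if svc.get(A + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE":
            findings.add("accessibility-service")
    for tag in ("activity", "activity-alias"):
        for comp in root.iter(tag):
            cats = {c.get(A + "name") for c in comp.iter("category")}
            if LAUNCHER not in cats:
                continue  # only launcher entry points are of interest here
            if tag == "activity-alias":
                findings.add("launcher-alias")  # allows swapping name/icon at runtime
            if comp.get(A + "excludeFromRecents") == "true":
                findings.add("hidden-from-recents")
            if (comp.get(A + "label") or "").strip().lower() in SYSTEM_LABELS:
                findings.add("system-name-label")
    return sorted(findings)

if __name__ == "__main__":
    print(triage(SAMPLE))
```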