A security firm has discovered a number of apps on the Google Play app store laden with dangerous malware that can steal user data. The apps, discovered by Dr Web antivirus, were presented as productivity tools and collectively have over 2 million downloads.
Some of the malware-laden apps are unavailable on Google Play, though users may still have them installed on their phones. Users are advised to delete them immediately to safeguard their private data.
One of the apps, dubbed TubeBox, has over 1 million downloads and the app promises to help users make money by watching videos and ads. Users would seemingly get rewards that can later be turned into currency. Dr Web notes that the creators of this app tried to string their victims along for as long as possible so that they would continue watching videos and ads, earning money not for themselves but for the fraudsters.
Another app, dubbed Fast Cleaner & Cooling Master, was available on Google Play as an OS ‘optimisation tool.’ In reality, the app displays ads or launches a proxy server on an affected device. Third parties can use this proxy to channel traffic through it. The app has over 500,000 downloads.
Some apps “containing a new adware module” were identified as well. The module receives commands through Firebase Cloud Messaging and loads malicious websites. Apps affected by this malware include ‘Bluetooth device auto connect’, ‘Bluetooth and Wi-Fi and USB driver’, and ‘Volume, Music Equalizer’. The three apps have been installed 1.15 million times.
Dr Web has also found apps containing trojans from the Android.FakeApp family. These fake apps are designed to get users to participate in dodgy surveys, register accounts, and submit applications in order to collect their personal information. These apps are mainly aimed at Russian users. In a blog post, the company notes that attackers use images of famous people and companies and make “loud statements.”
In particular, they promise high income and accompany their ads with Russian phrases like ‘The entire country against sanctions’, ‘We grant 10 free shares’, ‘Earn while you still learning’, ‘I will give you 100,000 USD if you are not a millionaire in 6 months’, and more. These apps persuade users to click on fishy links and steal data.
Google is yet to address whether malicious apps have been deleted.