2.8 Million Users Affected by Play Store Trojan

The story of malware always comes with the same warning: be careful where you download your apps from. Quite often, the advice for safe app shopping is to use the Google Play Store or the Apple App Store. It’s repeated often enough that people believe it. Unfortunately, malicious apps have made it into both of these dominant app stores. Quite often, in fact.

Right now, there is a nasty little trojan running rampant throughout the Google Play Store. This malware, going by the name of Android.Spy.305, can be found in at least 155 apps currently available for download from the Google Play Store. This trojan does a few things that users wouldn’t be happy with.

When an app infected with Android.Spy.305 is installed, the trojan collects all manner of information from the user’s phone: OS version and language, device name, model and IMEI, screen resolution, mobile network operator, installed apps, and the email address associated with the user’s Google Play account. It also collects the name of the app that delivered the infection to the phone, the developer ID and the SDK version. This last bit of information is collected because the infection probably comes from an advertising SDK used by developers when building their applications.

Once all that information is packed up and shipped off to its final destination, the malware goes about its real task. That task is to deliver ads. A lot of ads. The malware will place ads in the phone’s notification bar, on the home screen, and anywhere else it can fit them. And users should feel lucky. Why lucky, you may ask? Because at this point, the malware is intent on just delivering ads and generating revenue for the malware creators. So far, the malware hasn’t done anything more nefarious, and we should hope that the malware creators do not take an additional step.

Security researchers at Dr.Web state that Android.Spy.305 has been found in apps from developers such as MaxMitek Inc, Fatty Studio, Gig Mobile, TrueApp Lab, Sigourney Studio, Doril Radio.FM, Finch Peach Mobile Apps, and Mothrr Mobile Apps.

Sadly, even though Dr.Web has informed Google of the malware, the apps have yet to be pulled from the Google Play Store, which means that the count of 2.8 million infected users will only climb. Sadder still, this malware is simply a new iteration of malware previously found on the Google Play Store, called Android.Spy.277, which infected over 3.2 million users by the time the 104 infected apps were removed.

There’s no point in giving the traditional warning of only downloading apps from reputable app stores, as no app store is immune to some bad apps getting through. The warning should be to do some proper diligence before downloading an app. Check the developer. Many malicious apps are copycats of other, more popular apps and can quite often be identified simply by looking at the developer name on the app. I’m sure we all remember the ridiculous quantity of fake BBM apps that invaded the Google Play Store when BBM first went cross-platform, many with variations on BlackBerry’s name. Also, check the reviews. If you are considering downloading an app, others should have done it first, and if it’s a fake app, more often than not there will be reviews warning of this very thing.

Source: utbblogs.com