Analysts Find Another Malicious App on Google Play Store That Spreads Malware
Where do you get your apps from? Ideally, you get them from a reputable source, such as the Google Play Store. Unfortunately, the name of this online app market continues to flash in the headlines as new malicious and unwanted apps are discovered on it practically every month. In fact, it was reported that Google removed over 700,000 apps in 2017, which was a 70% increase compared to the previous year. These are shocking numbers. Of course, not all apps are equally malicious. Some of them may record relatively insignificant amounts of personal information (which is still intrusive), but there are apps that can drop malware, listen in on phone calls, hijack the device, steal passwords, and do all kinds of other undesirable things. Whether you own 10 or 100 Google Play apps, you could be at risk.
In this report, we focus on a malicious app called Flappy Birr Dog, but we also provide tips on how to spot malicious apps on Google Play in general. If you are interested, please continue reading.
What are Flappy Birr Dog and MobSTSPY?
If the first thing that comes to mind is Flappy Bird – a famous game that, at its peak, was downloaded 50 million times and generated a daily revenue of $50,000 – you are not wrong at all. Flappy Birr Dog was created with the intention of attracting users who may have been familiar with Flappy Bird already.
This application was one of the many that were created to distribute MobSTSPY malware. It is believed that the apps were uploaded onto the platform without malicious code because Google Play apps are thoroughly reviewed and have to pass certain security standards. The users who downloaded these apps 100,000 times most likely downloaded them malware-free as well. Unfortunately, at some point, malicious code was injected for the purpose of distributing MobSTSPY. Besides Flappy Birr Dog, FlashLight, HZPermis Pro Arabe, Win7imulator, and Win7Launcher were the other Google Play apps that were used for the distribution of this malware.
According to malware analysts and Trend Micro, MobSTSPY is set up to discover the phone user's location, read SMS messages, log calls, and even record clipboard items. All information is silently sent to a remote C&C server. Basically, this malware acts as spyware. The analysts also discovered that the threat could perform phishing attacks to gather credentials. For example, it can display bogus Facebook or Google login screens to log usernames and passwords. At the time of analysis, the spyware was mainly spread in India, but it also affected users in Russia, Pakistan, and Bangladesh among 196 countries in total.
Unfortunately, Google Play apps distributing MobSTSPY might have put unsuspecting users at serious risk. Their virtual identities could have been stolen, and personal information could have been leaked to third parties, who might include scammers, unreliable advertisers, and malware distributors. Although the malicious apps mentioned above – including Flappy Birr Dog – have been removed already, it is impossible to say whether new Google Play apps will be uploaded to spread the same spyware.
This isn't the first or the last time malicious Google Play apps are discovered
New suspicious, questionable, unwanted, or malicious Google Play apps are discovered frequently. Most recently, it was reported by ZDNet that 85 adware apps on Google Play were installed over 9 million times. One specific app, called Easy Universal TV Remote, was downloaded 5 million times on its own. At the end of last year, 22 Google Play apps with a malicious backdoor were, reportedly, downloaded over 2 million times. These apps were automatically clicking on malicious ads without the user's permission. The only good news is that they were removed from the store as well.
In November, another 13 Google Play apps were deleted from the platform because they could have been used to download malware. It was recorded that these apps could have been downloaded 560,000 times. A similar number of malicious apps was deleted in March of 2018 when Google discovered 7 apps capable of displaying ads and notifications with ad links. Although it might seem as if these kinds of apps are more annoying than anything else, ads can route you to malware websites, and they can be used to expose you to phishing notifications. Ultimately, Google is not removing apps randomly. If they are removed, that means that they are not meeting the security standards, and that is a big deal.
How to spot malicious apps on Google Play
It is crucial that you learn how to spot malicious apps on Google Play because that is your best chance of avoiding them in the first place. Even if you use antivirus software to protect your device – which you absolutely should do – it might not protect you against apps that, for example, do not have malicious code injected upon installation. As we discussed already, such code can be injected later on to bypass security controls and antivirus software.
These are the things you need to look at if you want to spot malicious apps on Google Play:
Even if an app has a 5/5 rating, and the reviews are mostly positive, you need to be cautious because these things can be forged, and that is not hard to do either. It is most important that you take the name of the app and the author and do a little bit of research. If you cannot find any incriminating data, you might think that the chosen Google Play app is harmless, but keep in mind that finding no information at all is not a good sign either.
Pay close attention to the permissions you are granting the Google Play apps you install. For example, if a photo editing app wants to access your phone calls, contacts, geographical location, and other data that is unrelated to photo-editing services, you need to be worried. Finally, it is also important that you install trustworthy security software to protect your device and ensure that you cannot be tricked into installing malicious apps in the future. Also, keep in mind that while Google Play Store is continuously being found to host malicious apps, malware, and spyware, it is still the most reputable source for Android apps.
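The permission check described above, as an added example that is not part of the original article: a Python sketch that reads the output of `aapt dump permissions <apk>` and flags sensitive permissions that do not fit the app's category. The category policy, the sample dump and the package name are constructed assumptions.

```python
import re

# Android permissions covering the data the article says MobSTSPY collects
# (location, SMS, calls) plus contacts from the photo-editor example.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.READ_CALL_LOG": "phone",
    "android.permission.READ_PHONE_STATE": "phone",
    "android.permission.READ_CONTACTS": "contacts",
}

# Assumed policy: sensitive data groups each app category plausibly needs.
EXPECTED = {
    "game": set(),
    "flashlight": set(),
    "photo_editor": set(),
    "navigation": {"location"},
    "messaging": {"sms", "contacts", "phone"},
}

# Accepts both aapt styles: "uses-permission: name='X'" and "uses-permission: X".
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)'?", re.M)

# Constructed sample dump for a hypothetical game package.
SAMPLE_DUMP = """package: com.example.flappyclone
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.READ_SMS'
uses-permission: android.permission.READ_CALL_LOG
"""

def parse_permissions(dump):
    """Return the sorted, de-duplicated permission names in an aapt dump."""
    return sorted(set(PERM_RE.findall(dump)))

def unexpected_permissions(dump, category):
    """List (permission, data group) pairs the category does not justify.
    Unknown categories are treated as needing no sensitive data."""
    allowed = EXPECTED.get(category, set())
    return [(p, SENSITIVE[p]) for p in parse_permissions(dump)
            if p in SENSITIVE and SENSITIVE[p] not in allowed]

if __name__ == "__main__":
    for perm, group in unexpected_permissions(SAMPLE_DUMP, "game"):
        print(f"review before installing: {perm} ({group} data)")
```

A permission list only shows what an app may access, not what it does with the data, so a clean result here does not rule out code that is injected in a later update.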