Researchers have uncovered yet another group of what appear to be innocent Android apps built to spread malware to endpoints and charge unwitting victims for services.
The Dr Web antivirus team recently discovered a new batch of apps with 10 million downloads, including wallpaper apps, keyboards, photo editors, video editors, and the occasional cache cleaner or system maintenance app.
On the Google Play Store, 28 apps were found that had managed to circumvent Google’s stringent security policies.
“These apps are being used to infect Android devices with malware that drains victims’ wallets by subscribing them to premium services,” said a Dr Web specialist in a blog post detailing the research. “The malicious functionality is not immediately apparent in most cases.”
In terms of damages, the procedure is essentially the same. Most apps will try to hide once installed, changing their appearance in the app drawer to that of a system app. They hope that doing so will discourage users from uninstalling them. The apps would then push advertisements and attempt to sign the victim up for various premium services to generate additional revenue.
According to the investigation, this batch of virus software has been active since March and has successfully infected millions of devices.
These infected applications employ a technique known as “droppers.” This technology enables the infected app to bypass Google’s security defence system, bypass the Play Store, and infect the victim’s device in stages.
None of this would have been possible if users had not granted the apps the necessary permissions, even though the apps are simple in design (and do what they claim to do). They frequently ask users for advanced permissions, such as the permission to be excluded from the battery saver feature, so that they can operate in the background even when the user terminates them – a major red flag.
It is a lesson that everyone should be discerning when installing apps.
More Stories
Killnet and AnonymousSudan Collaborate to Launch Cyber Attacks on Western Organisations
In recent news, it has been reported that two Russia-sympathetic hacktivist groups, Killnet and AnonymousSudan, have allegedly launched a series...
$4000 Gone In An Instant: Mother Defrauded in Facebook Marketplace Car Deal
A mother of four is warning others to be cautious after believing she had purchased a safe and dependable car...
Shocking Scam: Sydney Family Loses $200K Life-Savings in Suncorp Spoofing Fraud
A family from Sydney has lost their life savings worth $200,000 due to a fraudulent scam. Peter and Madison, who...
Mysterious Money Transfer Leaves Couple Speechless: How They Got an Unsolicited $4000
A young couple in Melbourne claims their bank is making up a personal loan they do not understand. Ashley and...
Phishing + AI + Voice Cloning= Big Trouble: The New Way Criminals are Stealing Your Money
New Alert: Criminals use AI and voice cloning to trick you out of your money. Earlier this year, Microsoft unveiled...
‘Impossible to Spot’ Delivery Scam Email Targets Australia Post Customers – Don’t Fall Victim!
Unsuspecting shoppers should be cautious as a parcel delivery scam that is hard to distinguish targets Australia Post customers. Email...