Malware that Just Won’t Give Up on Google Play
A team of malware authors is playing a cat and mouse game with Google. The game goes like this: they upload their malware, Google Play quickly takes it down, they upload a new mutation and Google takes it down. Current status of the game: the malware is back on Google Play. So far, the malicious apps have infected hundreds of thousands of innocent victims.
In April, we discovered porn clicker malware on Google Play posing as the popular Dubsmash app.
Two days ago, we reported that a mutation of the porn clicker malware, created by a Turkish group of malware authors, made its way back onto Google Play, but have since been removed from the Play Store.
Once the apps were downloaded they did not do anything significant when opened by the user, they just showed a static image. However, once the unsuspecting victim opened his/her browser or other apps, the app began to run in the background and redirect the user to porn sites. Users may not have necessarily understood where these porn redirects were coming from, since it was only possible to stop them from happening once the app was killed. Fellow security researchers at Eset reported that more apps with this mutation were on Google Play earlier this week. Eset also reported that the original form of the malware was uploaded to Google Play multiple times in May. Our findings combined with that from Eset, prove that these malware authors are extremely persistent and determined to make Google Play a permanent residency for their malware.
… is what the authors of this malware must have said when Google removed their apps from the Play Store earlier this week. And sure enough, their malware is back on Google Play. The malware, which Avast detects as Clicker-AR, is in the following three apps: Doganin Güzellikleri, Doganin Güzellikleri 2, Doganin Güzellikleri 3. The name translates to “Nature’s Beauties”. Avast has reported the apps to Google.
Google has a lot on its plate. It has to maintain the most popular mobile operating system in the world, along with an app store with around 1.5 million apps.
That is where security providers, like Avast, jump in. You don’t expect Windows to completely protect you from malware, so just as you would install antivirus on your PC as an extra layer of protection, it is vital you install antivirus on your mobile device. More and more people are using mobile devices and storing a plethora of valuable information on them. This large target pool, combined with the valuable data, naturally makes mobile devices an attractive target for cybercriminals and they are determined to come for you.
In addition to having antivirus installed on your phone, make sure you do the following:
You can download Avast Mobile Security for free from the Google Play Store.
*It seems as though "Zaren" may be sensing we are all onto him and has therefore changed his developer account name...
Social engineering used to trick Facebook users into downloading Advanced Persistent Threat disguised as Kik Messenger app.
The cryptominer botnet attacked over half a million Windows servers and computers so far...but that number is growing.