Date: 2020-02-07

Android apps that claimed to improve a phone’s performance were able to download thousands of malware variants, researchers said.

According to Trend Micro, the applications had been lurking in the Google Play Store since 2017, had been downloaded more than 470,000 times in total, and were presented as tools to improve device performance by cleaning or deleting files.

Experts at the cybersecurity company said the malicious apps could even try to compromise a user’s Facebook and Google credentials.

“The cybercriminals behind this campaign can use the affected device to post fake positive ratings in favor of the malicious apps and perform multiple ad fraud techniques by clicking on the ads that appear (in the software when opened),” the team said.

It is believed that nearly 2,500 users in the United States are affected by the software, which has now been removed from the Google Play marketplace. A total of 48,557 devices were infected in Japan during the same period.

The identified apps were named as follows: Shoot Clean (over 10,000 installations), Super Clean Lite (over 50,000 installations), Super Clean-Phone (over 100,000 installations), Quick Games (over 100,000 installations), Rocket Cleaner (over 100,000 installations), Rocket Cleaner Lite (over 10,000 installations), Speed Clean (over 100,000 installations), LinkWorldVPN (over 1,000) and H5-Gamebox (over 1,000 installations).

Using Speed Clean as an example, Trend Micro found that the app would establish a secret connection in order to download malware variants or user data that facilitate advertising fraud.

This “simulates that a user clicks on an ad that appears in one of the malicious apps” and generates money for the criminals. The apps were part of a “large number” of legitimate mobile advertising platforms, including Google AdMob and Facebook Audience Network.

The booby-trapped app would try to get a user to grant it full access privileges. Users were asked to disable the security features of Google Play through a warning sent to the device: “The phone is at risk. Open this access to ensure safe use.”

If the user clicks on it, the hackers can transfer more malware to the device, post fake ratings of the malicious software on Play from the phone, and even link the apps to a user’s Google and Facebook accounts if those credentials were saved on the smartphone.

It is still unknown who is behind the malware campaign, although the preliminary investigation revealed that the operator or team may be based in China.

The researchers found that the applications did not use any malicious features when the user’s phone was geographically located in the country. As the tech website Ars Technica notes, this is usually an indication that the developers didn’t want to attract the attention of local authorities.

“We tried to change the geographic parameter value of the country code to any country code or even random, nonexistent country codes, and the remote ad configuration server consistently returned malicious content,” the researchers said in their analysis.

“When we changed the geographic parameter value to geo = cn (China), no malicious content was returned. This could indicate that the campaign’s actors have deliberately avoided requests from Chinese users. The campaign’s attack appears to be excluding Chinese users.”

The team said Android users should “exercise caution” before downloading a mobile app from the Play Store, including reviewing ratings for suspicious activity. In this case, the apps showed a variety of ratings, but all of them had exactly the same wording, a big red flag.
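The identical-wording red flag can be checked mechanically. The sketch below is an added example, not code from Trend Micro or from this article: it groups reviews by normalized text and reports wording shared by several accounts, including when the star ratings differ. The sample reviews are constructed, and the function names and the `min_size` threshold are assumptions.

```python
import re
import unicodedata
from collections import defaultdict

# Constructed sample data: (reviewer, star rating, review text). Not real reviews.
SAMPLE_REVIEWS = [
    ("user_a", 5, "Great app, it is very useful!"),
    ("user_b", 4, "great app it is very useful"),
    ("user_c", 5, "Great app,  it is very useful!!"),
    ("user_d", 3, "GREAT APP. It is very useful."),
    ("user_e", 1, "Drains my battery and shows ads on the lock screen."),
    ("user_f", 5, "Cleared 2 GB of junk on my old tablet."),
]


def normalize(text):
    """Fold case, punctuation and whitespace so trivially edited copies match."""
    text = unicodedata.normalize("NFKC", text).casefold()
    text = re.sub(r"[^\w\s]", " ", text)
    return " ".join(text.split())


def duplicate_clusters(reviews, min_size=3):
    """Group reviews by normalized wording; keep wording used by >= min_size accounts."""
    groups = defaultdict(list)
    for reviewer, stars, text in reviews:
        groups[normalize(text)].append((reviewer, stars))
    clusters = []
    for wording, posts in groups.items():
        reviewers = sorted({r for r, _ in posts})
        if len(reviewers) >= min_size:
            clusters.append({
                "wording": wording,
                "reviewers": reviewers,
                "ratings": sorted({s for _, s in posts}),  # varied stars, same text
                "count": len(posts),
            })
    return sorted(clusters, key=lambda c: -c["count"])


def duplicate_ratio(reviews, min_size=3):
    """Share of all reviews that fall inside a duplicated-wording cluster."""
    flagged = sum(c["count"] for c in duplicate_clusters(reviews, min_size))
    return flagged / len(reviews) if reviews else 0.0


if __name__ == "__main__":
    for c in duplicate_clusters(SAMPLE_REVIEWS):
        print(c["ratings"], c["reviewers"], repr(c["wording"]))
    print(f"duplicated share: {duplicate_ratio(SAMPLE_REVIEWS):.0%}")
```
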

The Android operating system is owned and developed by Google.
