Just another day with just another Android malware targeting unsuspecting users on Google Play Store. This time, the IT security researchers at Russian cybersecurity company Dr.Web have discovered a dangerous Android malware hidden in several gaming apps on Play store stealing personal data from users by conducting phishing attacks.
Just another Android malware
Dubbed Android.RemoteCode.127.origin by researchers, the malware was found in 27 games that were downloaded more than 4,500,000. Upon infecting an Android device, the malware secretly opens malicious websites and automatically clicks on its content including banners and links by downloading a script from the C&C (command and control) server the purpose of which is to generate revenue through advertisements and links.
Furthermore, the malware uses its capability to drop additional Trojan modules which perform a number of malicious attacks including opening phishing windows and stealing login credential of victims, spams their device with advertisements and downloads other malicious apps without the knowledge or permission of victims.
“It covertly downloads and launches additional modules that perform various malicious actions. For example, they simulate user actions by covertly opening websites and clicking on their items,” said Dr.Web in their blog post.
Google did not remove the infected apps
Dr.Web’s blog post was published on January 16th, 2018. The cybersecurity firm informed Google about the presence of malware-infected apps on PlayStore however at the time of publishing this article, Google did not remove any of the apps. Therefore, if you are an Android user, here is a list of the apps and make sure to delete them in case you have downloaded any of them on your device.
Android users be careful
Since Android is the most vulnerable smartphone operating system, the cybercriminal and marketing community is taking full advantage of the situation. Just a couple of weeks ago it was reported that there are hundreds of gaming apps on Play Store are recording and tracking TV viewing habits of users and sharing it with companies for targeted advertising.
Moreover, a week ago, 60 Android apps for kids were found infected with pornographic malware which displayed highly sensitive and x-rated ads to users in order to generate revenue. It means that the Google’s security system has failed to detect and block malware and other malicious software from making their way to Play Store.
Also, avoid downloading unnecessary apps since Play Store is as insecure as a third party store. Make sure your device is updated with anti-virus software and run a scan on daily bases. Stay safe online.