Security researchers recently discovered the presence of 38 malicious apps on the Google Play Store that were not only disguised as games and education apps but also redirected victims to install other apps from the Play Store that displayed advertisements and loaded blog URLs in the background without obtaining user consent.
Earlier this year, Andrew Ahn, product manager of Google Play, announced in a blog post that Google had successfully kicked out more than 700,000 apps from the Play Store in 2017 through new machine learning models and techniques.
He added that Google has significantly boosted its ability to detect abuse such as impersonation, inappropriate content, or malware, and could also identify repeat offenders and abusive developer networks at scale, thereby making it difficult for "bad actors to create new accounts and attempt to publish yet another set of bad apps".
Despite such advances made by the global software giant, fraudsters are still successfully breaching Google Play policies not only to load malware onto victims' devices, but also to generate clicks and to run advertisements without obtaining consent from device users.
Security researchers at Symentec recently discovered 38 such apps that appeared to regular Android users as games and education apps but were, in fact, weapons used by malicious developers to install more malicious apps, generate clicks for certain blogs, and to run advertisements.
These apps were assigned legitimate-sounding names such as Multiplication Table Game, Swing Games, General Cultures, Piano Game, Game Billiards, Subway, Sarahah, Dominoes, Play Submarine, Games Cars, and The Arabs.
According to the researchers, all of these apps were published in December last year by a developer called learningdevelopment and featured a special ability to have their icons removed from the home screen while running in the background at the same time.
Once a victim installed any of these apps, the victim was redirected by the app to install another app on the Play Store which then displayed a large number of advertisements and also featured a background service that constantly checked for the device's network connectivity status.
Once the device was connected to a network, the app checked if the compromised device had installed any of the 37 apps and then proceeded to load several URLs in the background without obtaining specific permissions. The researchers noted that all 38 apps were downloaded onto at least 10,000 devices and exploited the "legitimacy" of being available in an official app store and the use of seemingly legitimate app names and descriptions.
All of these apps were subsequently kicked out by Google after their presence and functionality were reported to the company by Symantec researchers.
Commenting on the discovery of 38 malicious apps on the Google Play Store, Dean Ferrando, systems engineer manager of EMEA at Tripwire told SC Magazine UK that their discovery does not mean that Android users should stop trusting the Play Store and that they can still protect themselves by following some basic safety tips.
"With over 2 million apps in Google's Play Store, it is inevitable that some malicious apps will creep through. Despite this, users should still trust the Play Store but by following some basic safety tips, they can help reduce the chances of downloading a rogue app.
"Never ever grant administrator permission to any application without absolute trust for why it is needed. Android users should also pay attention to the permissions they are granting applications when they install them, even applications that advertise themselves as “mobile security” apps often have overzealous permissions, have access to and harvest personal data.
"Keeping the options enabled to only install apps from Google Play and to verify apps upon installation will also minimise exposure to such threats," he added.