Android’s problems with malicious apps continues
Google scans every app on the Play Store for malicious content, yet some manage to slip through
Downloading mobile apps from unverified sites can be risky as they do not vet apps like Google does. Google scrutinizes every app to ensure nothing malicious ever shows up on the store. But there have been various cases where malicious apps have managed to slip though Google’s defences. For example, a spyware called SMSVova, which spied on users’ location, was found in an app called System Update on the Play Store by a company called ZScaler in April 2017. The app was removed by Google but not before it was downloaded more than 1 million times.
Recently Kaspersky Labs found two harmless looking apps, Magic Browser and Noise Detector, on Play Store carrying the Ztorg malware. This malware can root a smartphone without users’ consent, but in this case it was used to take control over the SMS services on the smartphone to send promotional messages on them. Magic Browser had access to messages from the beginning, while Noise Detector was updated and the permission to access messages was added to it afterwards. The apps were downloaded over 50,000 times before they were removed by Google. Keeping an anti-virus on smartphone provides a second line of defence from apps missed by Google. Anti-virus scans every new app and warns users if there is a potential threat.
Another malware Judy, which infected over 41 apps on the Play Store, was discovered by researchers at Check Point Software Technologies. These apps were developed by a Korean company named Kiniwini which was registered on Google Play as Enistudio Corp. Judy is an auto clicking adware which works by generating fraudulent clicks from users’ smartphones. It quietly opens specific webpages with banner ads in the background without the users’ consent and then clicks on the advertisements to receive payments from the website developer. Judy also tries to display large amount of advertisement on webpages accessed by the users, hoping to get a few clicks.
Apps carrying the virus are believed to have been downloaded over 18 million times and affected over 36 million users. Users can tackle adwares such as Judy by using mobile browsers with built-in VPN or ad blocking tools. Users should also check app permissions carefully, and see if an app is asking for too many or irrelevant permissions. For example, a game asking for access to the browser sounds suspicious.
The findings by anti-virus company Trend Micro is even more alarming. The company claims that there are over 800 apps on the Play Store which are infected by a malware called Xavier. To escape detection, these apps are using methods such as string encryption, internet data encryption and emulator detection. Xavier downloads and executes malicious codes to steal users’ personal information without their knowledge. Users should read up reviews and download apps only from trusted sources.