Android malware disguises itself as utility reader

null

A set of malware-infested apps have infiltrated the Google Play Store by posing as tools to help customers with their utility bills. 

The apps, which have already infected thousands of devices. were detected by security experts over at SophosLabs, which issued a report saying there are a couple of apps that pretend to be utility apps, when they are, in fact, adware. Six were QR code reading apps, and one was a so-called 'smart compass'.

These attracted more than half a million downloads.

What makes them dangerous is the fact that they don’t start bombarding you with ads right after you download and install the apps. Instead, they wait a few hours first. This, together with the fact that the adware part was embedded in “what looks at first sight like a standard Android programming library”, meant that the apps managed to make it through Google’s detailed checks, and into the Play Store.

Whoever built the malware can also change its behaviour remotely, “changing both its ad campaigns and its aggressiveness easily, without needing to update the malware code itself.”

Sophos notified Google about its findings, and the apps were swiftly removed from the Play Store. Still, hundreds of thousands of devices are infected.

Despite Google missing to spot the malicious apps, Sophos still recommends using the Play Store as your preferred source of apps.

“Despite Google’s failure to spot the roguery of these particular “utilities” before blessing them into the Play Store, we nevertheless recommend sticking to Google Play if you can,” it says.

“Google’s app vetting process is far from perfect, but the company does at least carry out some pre-acceptance checks. Many off-market Android app repositories have no checks at all – they’re open to anyone, which can be handy if you’re looking for unusual or highly specialised apps that wouldn’t make it onto Google Play (or trying to publish unconventional content).”

Image Credit: CyberHades / Flickr