Android malware discovered on Google Play has infected millions of users with spyware
April 6, 2016
Shah Sheikh (1294 articles)

Android malware discovered on Google Play has infected millions of users with spyware

Russian security researchers have discovered a Trojan for Android that contains malware and spyware features hidden in 104 Android apps on the Google Play store. It has been downloaded over 3.2 million times already onto victims’ devices.

Researchers at antivirus software firm Dr Web have discovered a nasty malware calledAndroid.Spy.277 which clones apps. These can range from games to instant messaging services, image-editing apps, video players, photo sticker apps, weight loss calorie counters, interactive smartphone wallpaper apps and even instant messaging services.

Once downloaded, the apps don’t work as they’re supposed to. Instead, Android.Spy.277 collects a huge amount of data on the smartphone’s owner, including but not limited to: the phone’s IMEI code, the user’s geographic location, the user’s Gmail address, the phone number registered to the smartphone and the user’s Google Cloud Messaging ID.

Every time the user tries to open one of the clone apps, the malware sends the information gathered to the hackers’ command and control (C&C) server, which will then give the app instructions, such as: show the user pop-up ads that appear on the notification bar, or place shortcuts to links onto the user’s smartphone home screen. When clicked, these open links to malicious websites on either the smartphone web browser, the Facebook app or even the Google Play Store app itself.

The ads also try to convince users that there’s something wrong with their smartphone that can only be fixed by downloading yet another malware-laden app, such as telling the user that their phone’s battery has been damaged and is overheating.

In the case of a user attempting to uninstall one of the clone apps, Android.Spy.277 installs other apps onto the device so that they can take over the spyware and adware function.

Researchers have contacted Google about the malware-laden apps. If you discover you have been affected by the malware, download Dr Web Android app which is capable of dealing with the issue, as well as the Android.Locker ransomware, once safe mode is activated.

The Dr Web app is free for 14 days, after which it costs €7 a year on subscription.

Source | IBTimes