New Android Apps in the Play Store Contain Malware

July 28th, 2022 - Written By CyberLabs

In the recent, write up by Dr.Web on virus activity on mobile devices he mentioned that he has discovered many malicious apps.

“Over the month, Doctor Web’s malware analysts discovered dozens of malicious apps on Google Play. Among them were adware trojans, fake apps used by scammers, info-stealers targeting confidential data, and others.”

30 applications with almost 10 million users have been found on the Google Play Store distributing adware.

“All of them were built into various programs, including image-editing software, virtual keyboards, system tools and utilities, calling apps, wallpaper collection apps, and others.” Said Dr.web

Following is the list of app containing malicious content:

1. Photo Editor: Beauty Filter (gb.artfilter.tenvarnist)
2. Photo Editor: Retouch & Cutout (de.nineergysh.quickarttwo)
3. Photo Editor: Art Filters (gb.painnt.moonlightingnine)
4. Photo Editor – Design Maker (gb.twentynine.redaktoridea)
5. Photo Editor & Background Eraser (de.photoground.twentysixshot)
6. Photo & Exif Editor (de.xnano.photoexifeditornine)
7. Photo Editor – Filters Effects (de.hitopgop.sixtyeightgx)
8. Photo Filters & Effects (de.sixtyonecollice.cameraroll)
9. Photo Editor : Blur Image (de.instgang.fiftyggfife)
10. Photo Editor : Cut, Paste (de.fiftyninecamera.rollredactor)
11. Emoji Keyboard: Stickers & GIF (gb.crazykey.sevenboard)
12. Neon Theme Keyboard (com.neonthemekeyboard.app)
13. Neon Theme – Android Keyboard (com.androidneonkeyboard.app)
14. Cashe Cleaner (com.cachecleanereasytool.app)
15. Fancy Charging (com.fancyanimatedbattery.app)
16. FastCleaner: Cashe Cleaner (com.fastcleanercashecleaner.app)
17. Call Skins – Caller Themes (com.rockskinthemes.app)
18. Funny Caller (com.funnycallercustomtheme.app)
19. CallMe Phone Themes (com.callercallwallpaper.app)
20. InCall: Contact Background (com.mycallcustomcallscrean.app)
21. MyCall – Call Personalization (com.mycallcallpersonalization.app)
22. Caller Theme (com.caller.theme.slow)
23. Caller Theme (com.callertheme.firstref)
24. Funny Wallpapers – Live Screen (com.funnywallpapaerslive.app)
25. 4K Wallpapers Auto Changer (de.andromo.ssfiftylivesixcc)
26. NewScrean: 4D Wallpapers (com.newscrean4dwallpapers.app)
27. Stock Wallpapers & Backgrounds (de.stockeighty.onewallpapers)
28. Notes – reminders and lists (com.notesreminderslists.app)

“To display ads, some of them request permission to show windows over other apps; the rest ask users to add them to the exclusion list of the battery-saving feature. In addition, to make it more difficult for users to detect malicious apps in the future, the trojans hide their icons from the list of installed apps in the home screen menu—or, they replace the icons with less noticeable ones. Take, for example, the icon named “SIM Toolkit”, which when selected, launches an eponymous system app for working with SIM cards—instead of the original app.”

How trojans try to gain access to needed functions (Source: Dr.Web)

How one of the trojans replaces its icon (Source: Dr.Web)

Google has removed most of the applications, but some remains available for download and installation via the Play Store. If any was installed before their removal from the Play Store, you will still need to uninstall them from your device manually and run an Anti-Virus scan to clean any remnants.

Users should be caution when downloading apps from Google Play or otherwise, and refrain from granting extensive permissions to apps.

Sources:

• https://news.drweb.com/show/review/?lng=en&i=14520
• https://thehackernews.com/2022/07/these-28-android-apps-with-10-million.html
• https://www.bleepingcomputer.com/news/security/new-android-malware-apps-installed-10-million-times-from-google-play/