Android SMS malware hosted on Google Play infects 1.2 Million users

Experts often advise downloading Android apps only from Google Play to avoid malware infection. But that doesn't mean we can trust every app hosted on Google Play.

Security researchers from Panda Security have found more than five malicious apps being hosted on Google Play.

The apps in question appear to be targeting users in Spain. The app names are in Spanish: “Peinados Fáciles” (Easy Hairdos), “Dietas para Reducir el Abdomen” (Abs Diets), “Rutinas Ejercicios para el Gym” (Workout Routines) and “Cupcakes Recetas” (Cupcake Recipes).

The apps obtain the phone number of the infected device from WhatsApp and use it to sign the victim up for premium-rate SMS subscription services.

Researchers say that each of these apps has been downloaded by between 50k and 100k users. That means between 300k and 1.2 million users might have been affected by this malware.

“The truth is that fraudsters are making insane amounts of money from these premium services. A conservative estimate of, let’s say, €20 paid by each user would result in a huge sum of 6 to 24 million euros stolen from victims”, said Luis Corrons, Technical Director of PandaLabs.

Android font installing apps install iKno spyware

Security researchers from Webroot have come across a few font-installing apps hosted on Google Play that install Android spyware called "iKno".

The apps look like legitimate font apps and allow users to install new fonts on their Android device.

The researcher analyzed the app and identified malicious code that downloads and executes an ikno.apk file from a website.

iKno is Android spyware developed by Technoreap solutions that monitors call logs, text messages and location.

It appears the malicious apps and the developer's account have been removed from Google Play.

Android malware hosted in Google Play by 'apkdeveloper'

Image: List of malicious apps hosted by apkdeveloper

Once again, malicious Android apps have been found in Google Play. A developer named "apkdeveloper" hosted a number of Android malware apps in Google Play.

The malware author used popular app names for his malicious apps, adding "super" at the end of each name. He also posted fake reviews to lure innocent users into downloading the malware.

"Obviously faked from the app either by asking people to give 5 stars to unlock the game (quite a common trick) or the people that made the app have found a way to publish reviews to the play store automatically. Wouldn't surprise me to be honest." reads one Reddit user's comment.

According to one of the Reddit comments, the fake apps asked for the permissions 'approximate location', 'precise location', 'full network access', 'read phone calls', 'mod or delete data on your sd card', 'find accounts', 'control vibration', ladies, 'run at startup', 'test access to protected storage'.

The malware author has been banned from Google Play, after a Reddit post drew attention to the malware-infested apps.

We are not sure how many users have been affected by these malicious apps. Make sure you didn't install one of them.