Play Store Gaming Apps Infected with Malware

An android malware named “AdultSwine” has attacked children-friendly gaming apps in the play store. Over 60 apps have been pulled by Google after recognizing the malware.

The malware causes pornographic content to show on the devices while the infected app is running, aside from trying to get users to install fake security apps and charging for unregistered premium services. The malware reportedly has the ability to steal user credentials.

The malware was discovered by researchers at Checkpoint and the affected apps have since been pulled by Google, and the developers’ accounts banned.

The affected apps have been downloaded as much as 3 to 7 million times, according to Play Store data.

A comprehensive list of affected apps and related research can be found on Checkpoint’s research blog. Google will continue to send notifications to phones that have the affected apps installed.

Android SMS malware hosted on Google Play infects 1.2 Million users

Experts often suggest to download android apps only from Google Play to avoid malware infection.  But, it doesn't mean that we can trust all of the apps hosted on Google.  

Security researchers from Panda security has found more than five malicious apps being hosted on Google play.

The apps in question appear to be targeting users in Spain.  Name of the apps are in Spanish: “Peinados Fáciles” (Easy Hairdos), “Dietas para Reducir el Abdomen” (Abs Diets), “Rutinas Ejercicios para el Gym” (Workout Routines) and “Cupcakes Recetas” (Cupcake Recipes).

The apps obtain phone number of the infected device from WhatsApp and uses it to sign the victim up to a premium rated SMS subscription services.

Researchers say that each of these apps have been downloaded by between 50k and 100k users. It means that between 300k and 1.2 Million users might have affected this malware.

“The truth is that fraudsters are making insane amounts of money from these premium services. A conservative estimate of, let’s say, €20 paid by each user would result in a huge sum of 6 to 24 million euros stolen from victims”, said Luis Corrons, Technical Director of PandaLabs.

Android font installing apps install iKno spyware

Security researchers from Webroot have come across few font installing apps hosted on Google Play that install Android spyware called "iKno".

The apps look like a legitimate font app and allow users to install new font on their android device.

The researcher analyzed the app and identified malicious code that downloads and executes ikno.apk file from a website.

iKno is android spyware developed by Technoreap solutions that monitors call logs, text messages, location.

It appears the malicious apps and developer's account have been removed from the Google play.

Android malwares hosted in Google Play by 'apkdeveloper'

android malware
List of malicious apps hosted by apkdeveloper

Once again, Malicious android apps have been found in Google Play.  A developer named "apkdeveloper" hosted a number of android malware in the Google Play.

The malware author used popular app names for his malicious apps by adding "super" at the end of the name . He also posted fake reviews to lure innocent users into downloading the malware .

"Obviously faked from the app either by asking people to give 5 stars to unlock the game (quite a common trick) or the people that made the app have found a way to publish reviews to the play store automatically. Wouldn't surprise me to be honest." One of the Reddit user's comment reads.

According one of the Reddit comment, the fake apps asked permissions for 'approximate location', 'percise location', 'full network access', 'read phone calls', 'mod or delete data on your sd card', 'find accounts', 'control vibration', ladies, 'run at startup', 'test access to protected storage'.

The malware author has been banned from google Play, after a Reddit post drew attention to the malware infested apps.

We are not sure how many users have been affected by this malicious app. Make sure you didn't install one of these malicious app.