Hundreds of thousands of users downloaded nasty Android apps in December, says Trend
Google Play is still riddled with malware, according to a security firm, as Android continues to be the mobile platform of choice amongst cyber crooks.
Trend Micro found 455 malicious apps were on the official Android marketplace between 5 and 10 December, whilst another 1,275 could be found on two other popular third-party app stores. Some of those nasty apps were downloaded over 100,000 times.
“For Google Play, FAKEAPP variants have the most number. FAKEAPP are rogue or fake versions of well-known apps,” Trend mobile threat analyst Symphony Luo explained in a blog.
“Once users are tricked into installing them, these apps steal sensitive information from the device and send these to remote servers.
“For the top third-party app providers, the likeliest malicious apps that users can encounter are GAPPUSIN variants. GAPUSSIN variants are known to download other malicious apps and steal information from users.”
Google Play security scares
Trend has been on the Android security case for some time now. Back in August, it found 164 “high-risk apps” on Google Play and other sites, which were aggressively pushing ads and collecting mobile data without telling the user, sending the information to remote servers.
It also discovered a select group of 17 rogue applications had been downloaded over 700,000 times. Some of those apps tracked users’ location, calls and messages.
“With the way things are going, it may take a while before we see a decrease in malicious Android apps,” Luo added.
“What does this mean for Android users? In a nutshell, they remain targets of shady developers and criminals who are bent on taking advantage of the platform.”
“Thus, one can never be too careful in downloading apps, even from Google Play.”
Banking Trojan hits Google Play
Just last week, what appeared to be the first ever banking trojan to hit Google Play was spotted. Known as Carberp-in-the-Mobile, the attack vector helped hackers steal banking information.
Attackers using Carberp for Windows need to get hold of mTANs – the unique numbers banks send to users to authorise a transfer – if they want to be truly successful. That’s why the latest versions interrupt users’ banking sessions, asking them to download an app from Google Play, either by entering their phone number or scanning a QR code.
Victims then receive an SMS message, with a link to download the malicious app, otherwise known as CitMo. The app then asks the user for their phone number and they will later be sent an SMS message containing a five digit code to enter into the app window, believing they are carrying out a genuine transaction still.
But when genuine messages start coming in from the actual bank, CitMo intercepts and hides them, stealing the mTAN number the crooks are after.
Fortunately, when Kaspersky alerted Google to the issue, the variants, which were targeting Russian banks, were removed from the Play store.
“There’s been malware on Google Play before. They remove it fairly quickly. But I don’t remember seeing banking malware there before,” Mikko Hypponen, chief research officer at F-Secure, told TechWeekEurope.
Despite malware hitting Android in various guises this year, Hypponen said that Google’s Boxer technology, designed to sniff out malicious apps, was doing a good job. “It probably prevents tons of malware getting into Google Play.”
How well do you know Internet security? Try our quiz and find out!