Malicious apps hosted in Google store turn Android phones into zombies

Google Play logoGoogle has been caught hosting more than a dozen malicious titles in its official Android app market. Some had been downloaded tens of thousands of times and turn smartphones into zombies that await commands from their attacker overlords, security researchers said.

A stash of 17 malicious apps remained freely available in the Google Play store, according to a blog post published Thursday by researchers from antivirus provider Trend Micro. Six of those titles contained a highly stealthy code dubbed Plankton, which causes Android-based phones to connect to command and control servers and wait for commands. At least 10 Plankton-based apps found last year in the Android market collected users' browsing history, bookmarks, and device information and sent them to servers under the control of the attackers.

"In total, we have discovered 17 malicious mobile apps still freely downloadable from Google Play: 10 apps using AirPush to potentially deliver annoying and obtrusive ads to users and 6 apps that contain Plankton malware code," the Trend Micro advisory warned. Malicious apps included NBA Squadre Puzzle Game, NFL Puzzle Game, Cricket World Cup and Teams, and a variety of names written in simplified Chinese characters.

Spy Phone Pro+ is one of 17 malicious titles Trend Micro researchers

It remained unclear if the malicious titles had been removed in the hours following the publication of the post. Searches for some of the titles named by Trend Micro returned no results. But searches for at least one of the developers shown as submitting the abusive apps to Google Play turned up suspicious-looking English language programs not mentioned in Trend Micro's blog post.

"Never ever download this app as it hijacks your browser," a user calling himself Jai wrote in comments accompanying an app called Make Your Home, which has been downloaded as many as 500,000 times . "I am still exploring the ways how to get it back to normal state. Big zero."

Comments accompanying other apps submitted by Antonio Tonev, the same developer listed as uploading Make Your Home—including those for Art of Tattoo and Thermo (Thermometer)—also claimed they triggered antivirus warnings or displayed unwanted messages.

In February, Google introduced a cloud-based scanner called Bouncer that scoured Android apps hosted on Google servers for malicious titles. The move followed a string of embarrassing disclosures by outside researchers who over the past year reported dozens of abusive apps in the market. The apps reported Thursday by Trend Micro are at least the second time malicious apps have been reported in Google Play since the introduction of Bouncer. That doesn't include malicious browser extensions found hosted in Google's Chrome Store.

One app found by Trend Micro was called Spy Phone Pro and explicitly described itself as a program to "track every text message, every call, every location." In all the apps have been downloaded more than 700,000 times.

A Google spokeswoman issued a statement that read: "We have removed the apps from Google Play that violate our policies." She didn't say how many apps were affected or when they were removed. Meanwhile, Make Your Home, Art of Tattoo, and Thermo (Thermometer) remain available for download despite user feedback claiming they're malicious. Google's statement made no reference to these apps.

Source: Ars Technica

Tags: Android, Google

Add comment

Your name:
Sign in with:
Your comment:

Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party

Last news

Galaxy Note10 really is built around a 6.7-inch display
You may still be able to download your content
Facebook, Messenger and Instagram are all going away
Minimize apps to a floating, always-on-top bubble
Japan Display has been providing LCDs for the iPhone XR, the only LCD model in Apple’s 2018 line-up
The 2001 operating system has reached its lowest share level
The entire TSMC 5nm design infrastructure is available now from TSMC
The smartphone uses a Snapdragon 660 processor running Android 9 Pie
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 / 2
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /

News Archive



Do you use microSD card with your phone?
or leave your own version in comments (15)