Google Play Store took serious action against Malicious apps

Malicious apps

You may have heard of malicious apps that took access to sites and spread numerous malware at a fast pace. Learning that would be traumatizing for those people who are addicted to sharing their personal info on social media and anonymous sites every day.

Uncountable people become the victim of such traps. But what about Google Play Store’s new actions? Several Apps were taken down by Google Play Store because it was found out that those were hiding in camouflage to attain access to the data, networks, bank accounts, and devices of several people.

Also, they were infected with several malware that could help the attacker to steal data just in order to gain monetary benefits. This made big breaking news for several users of the Google Play Store. The malware types that were found in this case are:

• Joker Malware
• Facestealer Spyware
• Coper Dropper

Let’s see what the impact of such malware took place on the users of such apps.

Joker Malware

Researchers from Pradeo, a mobile security firm, found that several apps were distributing Joker Malware. Joker is one kind of malicious code hiding as a system app. Moreover, it allows the attacker to run a broad range of malicious operations. Those operations were including:

1. It could disable the Google Play Protect Service.
2. It installs malicious apps
3. Sometimes generates fake reviews
4. Elsewhere showing ads is one of its qualities.

According to the research four apps were found guilty as they were infected by Joker Malware. The installation count of these people was 1,00,000. Somewhere else, according to ThreatLab, 50 apps were having Joker Malware. Also, the max number it was downloaded was 3,00,000. The categories targeted by attackers were:

• Communication
• Photography
• Personalization
• Tools
• Health.

The most infected categories from Joker Malware were Tools and Communication. According to ThreatLabz, because of the daily uploads of apps consisting of Joker malware, seeing the rapid growth of attacks and persistence of attackers became easy. Two more names were found in the matter and those two were:

• Facestealer Spyware
• Coper Dropper    

Facestealer Spyware

This malware was observed first by Dr. Web Researchers. The developing team of such malware was rapidly changing the codes so that catching them wouldn’t be possible. Moreover, this malware was designed to steal:

• Facebook User’s Logins
• Passwords
• Authentication Tokens

Coper Dropper

It’s a trojan for Banking, which targeted banking apps in:

• Europe
• Australia
• South America

Cybercriminals made the apps consisting of malware look like legitimate apps so that the users don’t get suspicious over downloading them.

After the user installs the app, it starts running the Coper Dropper infection that is able to receive and send messages on its own. To assault the device this malware follows several steps to exploit it:

1. To send messages it starts making USSD requests (Unstructured Supplementary Service Data)
2. It started keylogging
3. locking/ unlocking the screen of the user’s device
4. Continuing raging attacks
5. Never let the user uninstall the app once installed
6. Allowing the attacker to take control of the device and do whatever they want with a C2 Server.

Due to these events, attackers got an upper hand over the victims and the security measures of the Google Play Store. In order to lash out at the victim, these attackers will use the data as a threat to the user.

1. Facestealer App camouflaged as Vanilla Camera (cam.vanilla.snapp)
2. Coper Dropper camouflaged as Unicc QR Scanner (com. qrdscanneratedx)

Advisory from Experts for Google Play Store Users

• Don’t try to install or download any app from an untrustworthy developer
• Positivity of reviews and download counts can show you the genuineness of Apps
• You shouldn’t allow permissions to the apps you don’t trust as follows:

1. Listeners’ permission
2. Escalated accessibility

• Follow the developers that are renowned and well established. Don’t trust any attractive app when you see the front head.
• If unfortunately, you got scammed on the Play Store via a malicious app, you can contact Google for it instantly via the contacts available on the Play Store.

As you saw, the attackers have upgraded their skills and techniques to cheat the innocent individual you should learn how to save yourself from such attacks. For that, you can learn about malware analysis, which is specially designed for those who want to be technically involved in the industry of Cyber Security.

But where can you learn about these techniques & tools? Don’t worry! You can join the Malware Analysis Training and Certification Course offered by Craw Security. Also, you can ask for online sessions too.

You’ll be guided under the guidance of the best-qualified trainers to train you to become a professional like them. What are you waiting for, Enroll, Now!

Kindly read more articles:

Cleartrip – a Flight Booking Platform owned by Flipkart hit by a major data breach

Cyber Criminals attacked “Premint” a popular platform for NFTs

About Author

Sandhyakumari

See author's posts