X

Millions of Android users fall victim to trojans on Google Play Store

Pictured: Jake Cawley
By Jake Cawley
November 06, 2023
Featured image for Millions of Android users fall victim to trojans on Google Play Store

Maybe downloading that sketchy game is not the best idea. Researchers have discovered several apps on the Google Play Store that threat actors have camouflaged as innocent apps, but they are, in fact, trojan malware. Numerous new trojans, posing as legitimate apps, infiltrated the Google Play Store and were downloaded by hundreds of thousands of Android users. Among these were FakeApp trojans, Joker trojans, and HiddenAds adware trojans.

HiddenAds trojans are notorious for showing intrusive ads to users. They represent one of the most common types found on Android, tricking users into downloading them and subsequently bombarding them with ads. Identifying the app responsible for displaying the ads can be challenging due to the covert strategies used by HiddenAds. One method is deleting their own icons and names from your home screen, so they go unnoticed. Another way is by changing their icon and name to something well-known, like the Chrome browser, hiding in plain sight.

Freezing Game Studio released four innocent-looking apps, namely Agent Shooter, Rainbow Stretch, Rubber Punch 3D, and Super Skibydi Killer, and used them to distribute HiddenAds malware. The total number of downloads for these apps exceeded 2 million.

In September, there was a decrease in overall Android malware activity, but many new malicious apps emerged on the Google Play Store

Moving on, we have the Android FakeApp trojans, a deceptive category of malware. FakeApps operate with the intention of tricking victims into becoming investors or users of fraudulent websites. FakeApps take on different forms. They disguise themselves as gaming apps, stock trading apps, financial guides, and reference books. These apps direct users to fraudulent sites or online casinos, attempting to lure them into making deposits.

Finally, there’s the Joker malware family. These deceptive apps subscribe victims unknowingly to paid services, stealing contact info, text messages, and sensitive data. The initial Joker malware cases used SMS fraud to enroll victims in subscriptions or make payments without their knowledge. The latest Joker malware variant downloads an executable from a C2 server and enrolls you in premium subscriptions without your awareness. It will simultaneously sidestep Google’s security and silently takes control of the notification listener, leaving users in the dark.

The Google Play Store has built-in malware protection with Google Play Protect. It provides a range of security features, such as scanning apps, verifying apps, and controlling app permissions to protect against malware. However, it struggles with detecting unknown or novel malware while excelling at known malware detection. The Google Play Store also faces the challenge of fake app reviews. Google uses algorithms and relies on user reports to detect and remove fake reviews, but the sheer number of apps and reviews can make it challenging to catch all instances of fraud.

In conclusion, the Google Play Store is fantastic, but users should proceed cautiously when downloading new apps to their devices.