Despite the increased activity on Google’s part to improve the security of its Google Play app store, not all of the roughly 3 million apps available there are safe for your smartphone.
Millions of users have inadvertently downloaded thousands of malicious applications from the store, which have compromised their data, including SMS, credentials, photos, calendar appointments, and emails. For example, in March 2019, the ‘SimBad’ adware was found in over 200 apps on the store, with a combined download count of nearly 150 million.
Malware families found in Android apps have a range of capabilities, from stealing all information on the device to taking over the device by popping up advertisements or overlay windows as a form of phishing attack. These apps also use a variety of techniques to avoid detection, including code obfuscation and delayed downloads of malicious payloads.
One of these campaigns has been uncovered by Check Point researchers. The Haken malware family was installed on over 50,000 Android devices by eight different malicious apps, all of which appeared to be benign. The apps were mostly camera utilities and children’s games: Kids Coloring, Compass, qrcode, Fruits coloring book, soccer coloring book, fruit jump tower, ball number shooter and Inongdan.
The malware is classified as a “clicker” because of its ability to take control of the user’s device and click on anything that may appear on the device’s screen. The malware can access any type of data, so anything visible on-screen is fair game, as is any locally stored data.
The malware can sign users up for premium subscription services without their realizing it, earning money illegally for the people behind the app. It could also exfiltrate sensitive data from the user’s device. The good news is that these rogue applications have all been removed from Google Play.