Malicious app sneaking around Google Play for a year

February 10, 2019
Google Play

A malware-bound Android application was discovered hanging around on Google Play for very nearly a year. Amid this time, the malignant application was accessible for download by all Google Play clients. The malware was covered up in an application named “Simple Call Recorder”, distributed by the FreshApps Group.

At the season of disclosure, the pernicious application had been introduced more than multiple times from the Google Play Store. The fundamental objective of the noxious application was to trap clients into introducing an extra application, which acted like an Adobe Flash Player Update.

The malware-bound application was first found by a malware scientis. Luckily, the malignant application was brought down from the Google Play Store after the scientist revealed about it.

“Simple Call Recorder kept going on the Google Play nearly for a year, which is extremely quite a while before being evacuated, on the off chance that we think about that the application contained flashplayer_update.apk string inside,” the scientist mentioned in his statement.


Endeavor Technique of the malicious app from Google Play

The noxious usefulness of the application was not engineered alongside the call-recorder application. Rather, it was added by an aggressor to trap clients to introduce an extra application, by holing up behind a real usefulness.

It was additionally hypothesized that the aggressor could have discovered the real code for the call-recorder application on an elective source and stolen it to execute his own malevolent code and transfer it on Google Play.


Assault Vector

When the call-recorder application is introduced and executed on a gadget, it decodes an extra double document and afterward progressively stacks it into the application. This sort of conduct is regularly found among numerous other Android malware variations lately.

The vindictive Flash Player is downloaded through Adobe servers. In any case, Google Play’s arrangement disallows applications or SDK’s that download executable code, for example, dex records or local code, from a source other than Google Play. The malware’s capacity to sidestep Google’s safety efforts makes the danger significantly more troubling.

Additionally elements of the noxious application are right now obscure in light of the fact that the scientist was not able recover it through the connection hardcoded into the APK. It is likely that the application has just been expelled from the server in the wake of being accessible for download for more than 11 months.

An ongoing report from Google encourages clients to stick to Google Play applications and keep running as later a variant of Android as conceivable to diminish the danger of winding up assaulted. The report focused on that Android gadgets that just download applications from Google Play are multiple times more averse to wind up with malware. Shockingly, in any case, the applications like Simple Call Recorder still keep on sneaking past Google’s security provisos.


About the author

Leave a Reply