Google’s Play Store still swamped with various malware-infested apps

July 21, 2022

Despite Google’s efforts to employ advanced security measures to stop malicious applications from being uploaded to the Google Play Store, many threat actors are still finding ways to sneak their apps onto the platform to victimise the app store’s users.

Nonetheless, the tech giant is still actively taking steps to find these malware-infested applications, specifically after learning of the existence of apps in the app store containing three malware strains: Joker, Coper, and Facestealer.

To bypass Google Play Store detection, malware developers hide the malicious payload inside a common asset file and package their applications with commercially available packers.
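A defender-side triage check for the hiding technique described above, as an added example that is not from the original article or the researchers it cites: it scans an APK's `assets/` directory for files whose content does not match their extension and for high-entropy blobs in text assets. The extension lists, the 7.5 bits/byte threshold and the sample archive are assumptions constructed for illustration.

```python
import io
import math
import os
import zipfile
from collections import Counter

# Executable/container magics that should not sit behind a media or text extension.
MAGICS = {b"dex\n": "DEX bytecode", b"\x7fELF": "ELF binary",
          b"PK\x03\x04": "ZIP/APK/JAR archive"}
TEXT_EXT = {".json", ".txt", ".xml", ".html"}      # assumed list of text assets
BENIGN_EXT = TEXT_EXT | {".png", ".jpg", ".ttf"}   # assumed "common asset" types
ENTROPY_LIMIT = 7.5  # bits/byte; assumed threshold for "looks encrypted or packed"

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def suspicious_assets(apk_bytes: bytes) -> dict:
    """Map each flagged assets/ entry to the reason it was flagged."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if not info.filename.startswith("assets/") or info.is_dir():
                continue
            data = apk.read(info)
            ext = os.path.splitext(info.filename)[1].lower()
            kind = next((k for m, k in MAGICS.items() if data.startswith(m)), None)
            if kind and ext in BENIGN_EXT:
                findings[info.filename] = f"{kind} behind {ext} extension"
            elif ext in TEXT_EXT and len(data) >= 1024 and entropy(data) > ENTROPY_LIMIT:
                findings[info.filename] = "high-entropy blob in a text asset"
    return findings

def build_sample_apk() -> bytes:
    """Constructed sample archive (not a real app) so the check runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("assets/logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 64)
        z.writestr("assets/theme.png", b"dex\n035\x00" + b"\x00" * 64)  # disguised DEX
        z.writestr("assets/config.json", bytes(range(256)) * 16)  # stand-in for ciphertext
        z.writestr("assets/help.txt", b"Tap the icon to begin.\n" * 50)
    return buf.getvalue()

if __name__ == "__main__":
    print(suspicious_assets(build_sample_apk()))
```

Compressed images and fonts are high-entropy by nature, which is why the entropy test is limited to text-type assets; a hit is a reason to unpack and inspect the file, not a verdict.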

 

According to security researchers, the Joker malware is among the many sophisticated malware variants that target Android devices through the Google Play Store. Its operators bypassed Google’s app store regulations by modifying Joker’s trace signatures.

First spotted in 2017, the Joker malware subscribes victims to unwanted premium subscriptions while stealing their text messages, contact list, and other information from the infected device. Researchers combed through the app store and found several malicious apps with millions of downloads that contained Joker, such as photo editors, emoji keyboards, and language translators.

The other two malware strains that had recently been spotted were Coper and Facestealer. The Coper malware is a banking trojan that can steal several kinds of victim data from the device. It can also intercept messages, log keystrokes, unlock and lock the phone’s screen, launch overlay attacks, prevent the app from being uninstalled, and help the operators take control of the device and execute commands from their C2 server.

Meanwhile, the Facestealer malware can steal its victims’ Facebook credentials and auth tokens.

Researchers believe the Google security team has long been working to completely remove all malicious apps on its platform that carry these malware strains. The efforts to combat them often go astray, especially as threat operators continually evolve the capabilities of their malicious payloads, which never fail to find ways to counter security measures.

Since the Google Play Store is a platform that most users trust when downloading apps, users are advised to avoid granting unnecessary permissions to the applications they install. Verifying an app’s legitimacy is also recommended: review its description and privacy policy, check who its developers are, and read other users’ reviews.
