New Malicious Apps Detected on Google Play
Three malicious applications have been detected on Google Play collecting revenue on ads by bringing together three separate techniques.
The three apps on Google Play are said to use delayed attacks, self-naming tricks, and an attack list dictated by a command and control server to click on ads in the background without the user’s knowledge, according to Symantec, an internet security company in US.
Symantec says its researchers “discovered the three malicious applications on Google Play, which collects ad revenue by clicking on ads while running in the background.”
The three apps utilized three separate techniques (delayed attacks, self-naming tricks, and an attack list received from a command and control server [C&C] that are relatively common on their own, but have not been seen together.
Symantec says after detecting these threats as Android.Fakeapp, it notified Google about the apps and they have been removed from Google Play.
The three malicious apps were available on Google Play with the following package and app names:
- sarabase.clearmaster.speedbooster (Clear Master Boost and Clean)
- desive.fastercharger.fastcharger (Fast Charge 2017)
- qt.fastercharger (Fast Charger X3 Free)
Google Play reported between 10,000 and 50,000 installs each of the Fast Charge 2017 and Fast Charger X3 Free apps and 5,000 to 10,000 installs of the Clear Master Boost and Clean app in North America.
Symantec thus recommends that users follow these best practices to stay protected from mobile threats:
- Keep your software up to date
- Do not download apps from unfamiliar sites
- Only install apps from trusted sources
- Pay close attention to the permissions requested by apps
- Install a suitable mobile security app to protect your device and data
- Make frequent backups of important data
Success Kafoi, is a Lagos-Nigerian based ICT Journalist and a Guest Blogger for Nexxy Tech. you can connect with him on twitter @