Table of contents:
Applications with malicious content continue to dot the Google Play Store, despite apparently having mechanisms that would prevent their presence. The alarm was given by Lukas Stefanko, a security researcher at ESET, in a tweet in which he gave a good account of 13 games, all created by the same developer, that were potentially dangerous for the user who installed them on his mobile phone. . Two of the games were even among the most popular at the time.This is the tweet he launched just a couple of days ago.
Don't install these apps from Google Play – it's malware.
Details:-13 apps-all together 560, 000+ installs-after launch, hide itself icon-downloads additional APK and makes user install it (unavailable now)-2 apps are Trending-no legitimate functionality-reported pic.twitter.com/1WDqrCPWFo
- Lukas Stefanko (@LukasStefanko) November 19, 2018
Driving games that hide malicious files
In total, as Stefanko indicates in his tweet, the applications were downloaded by more than 560,000 users. It's really curious that all the games were about the same theme: driving. Hobbyist user downloaded the game thinking he was going to have a good time with some high-end cars but to his surprise the app didn't work Every time that tried to open it, an error was produced in it and it was automatically closed.
This initial application (the car game) was nothing more than a lure that triggered the download of a payload (in second plano) from a registered domain to an application developer located in Istanbul. At this time, the phone was infected with a virus and the icon of the app installed in the first place would disappear from the phone. To analyze the content of the virus, different scanning tools were used, none of them agreeing on how the malware works. What was clear is that the virus started up once the phone or tablet was turned on, having full access to the user's network traffic, being able to collect personal data from it.
Tips to avoid malware in the Google Play Store
As we have seen, not even in the official store itself are we free to download a game or application that later turns out to hide something dark. However, we can follow certain guidelines with which to prevent, to a greater degree, ending up prisoner of the networks of cybercriminals.
- For example, the first thing we have to do is, always, read the comments Above all, take a good look at all those people who Give them just one star and see what they say. If it also has 5 stars, beware, this can be a trick. Many applications and games promise extras and benefits to users who rate them with the highest score.
- If you're not sure about an application, find out who created and developed it. Then, search for the company online. If it doesn't give you a good feeling, if suspicious or negative comments have appeared when searching for the company, don't download it.
- Another good advice we can give you is to don't download feature apps that you already have available on your phone by system, such as flashlight apps. Also, if you download a flashlight app and it asks for your permission to read your network information or read your personal messages, be wary immediately. Why would you need a camera app, for example, to access your personal call history? If the app asks you for permissions to do things that aren't its own, don't download it.
