In that case, the Android Trojan comes from apps downloaded from
third party, unofficial Android app stores, not the official Google Play site.
Some had been downloaded tens of thousands of times and turn smartphones into zombies that await commands from their attacker overlords, security researchers said.
Although Android lets you download and install apps from anywhere, in addition to the official Google Play store, this attack still has two requirements.
Six of those titles contained a highly stealthy code dubbed Plankton, which causes Android based phones to connect to command and control servers and wait for commands.
New malware found in 15 Android apps
in the official Google Play marketplace should serve as a cautionary tale to
Android device users to pay attention to the permission requests that pop up as
an app is downloading, according to a researcher at antivirus software vendor
McAfee.
Google Play can update the apps the user selects automatically, or users can update then on a per case basis or update all apps at once.
Malicious apps included NBA Squadre Puzzle Game, NFL Puzzle Game, Cricket World Cup and Teams, and a variety of names written in simplified Chinese characters.
It remained unclear if the malicious titles had been removed in the hours following the publication of the post.
Searches for some of the titles named by Trend Micro returned no results.
McAfee identified 15 apps from two
different developers that had been downloaded about 70,000 times, according to
Google Play statistics.
“Never ever download this app as it hijacks your browser,” a user calling himself Jai wrote in commentsaccompanying an app called Make Your Home, which has been downloaded as many as 500,000 times .
Statistics provided by Google Play (formerly the Android Market) indicated they had been downloaded at least 70,000 times, according to Castillo, who didn’t provide the name of the apps or the developers marketing them.
Comments accompanying other apps submitted by Antonio Tonev, the same developer listed as uploadingMake Your Homeincluding those for Art of Tattoo and Thermo (Thermometer)also claimed they triggered antivirus warnings or displayed unwanted messages.
Imagine the recently discovered fake Android apps (see links below) coupled with this drive by download example.
The move followed a string of embarrassing disclosures by outside researchers who over the past year reported dozens of abusive apps in the market.
Along with the help of Symantec, they discovered that the apps which were intended for the Japanese market share a common code and consequentially they believe that one group is behind all 29 of the apps.
Due to Googles open ecosystem and less invasive app policing policies, researchers argue that the Google Play marketplace is home to numerous malicious apps.
That doesn’t include malicious browser extensions found hosted in Google’s Chrome Store.
One app found by Trend Micro was called Spy Phone Pro and explicitly described itself as a program to “track every text message, every call, every location.
Brad Thomson is a business journalist based in Melbourne, Australia. Brad has a passion for financial markets and breaking news stories and loves writing about business news, stock market, and economic opinions that matters most to its audience. Brad spends a lot of time discovering and researching latest financial markets and industry news stories in order to make sure the latest and greatest stories are brought to you first on BigBoardNews.com.
