Security research recently revealed that Google Play has been the breeding ground of malicious malwares for many years.
These Android malwares are equipped with advanced backdoor capabilities. They are capable of stealing sensitive user data. The worst part is that they have been hiding in plain sight on the Google Play platform.
Security researchers from Kaspersky Lab have discovered at least eight Android apps. Some of these apps have been on Google Play since 2018. However, the researchers believe that an earlier version of these apps may have been released on the platform as early as 2016.
Google was quick to remove these apps after they have been reported. However, some third-party distributors have hosted the removed apps and may still be available.
The culprits
Experts believe that a notorious hacker group is behind the recent breach. Security researchers investigating the apps have tracked them down to the group known only as OceanLotus.
They were able to do this by reverse engineering the code and checking it with command servers that they are connected to.
#technology Google Play has been spreading advanced Android malware for years https://t.co/e68gn5rxKT
— Enticingtechnologies (@enticingtech) April 30, 2020
Researchers said that these apps released on Google Play are highly advanced. The apps are able to bypass the platform’s security protocols
Researchers believe that the hacking group let loose these malwares in Southeast Asia. Cybercriminals use these malwares to steal financial and user data. The operation appears to target Android users in Vietnam with some cases reported also in China.
How these malwares bypass security protocols
Google Play is the most the official platform for Android apps. As such, the platform is regularly target by malicious users. Google releases regular security updates, but hackers are always finding new ways to beat them.
Kaspersky security researchers shared this on a post:
“Our main theory about the reasons for all these versioning maneuvers is that the attackers are trying to use diverse techniques to achieve their goal, to bypass the official Google marketplace filters.”
One particular technique is releasing an uninfected version of an app. Once it clears all security checks from Google Play, the hackers will then release an update that has embedded backdoor capabilities.
Another technique employed by these malicious apps is to request few or no permissions during installation. Once installed, the hackers can inject malicious code inside an executable file.
Google Play and app developers continue to push security updates in order to contain the spread of these malwares. Malware is a huge problem for any devices, and regular updates are an effective way to combat.
Image courtesy of Matam Jaswanth/Unsplash