Dr. Web, a Russian-based internet security company, just announced that over 25 000 smartphones were exposed to Android malware after downloading infected apps from Google Play, and that’s pretty sad, folks.
This is becoming the new trend in hacking: the creation of malware-infected Android apps, which are then uploaded to Google Play. The scheme works well and it’s increasingly common because these malicious apps are very difficult to detect, and they stay available for download for days and days before Google gets wise and removes them.
Dr. Web announced today that they spotted quite a few infected Android apps on Google Play, and they all trace back to a Vietnamese developer, AppStoreJSC, which specializes in audio/video players for displaying adult content.
As usual, if you’re into Internet porn, you have to be prepared for the worst! The malicious Android apps work by sending short messages to premium numbers, without your consent obviously, making other people rich and sucking your bank account dry.
According to the Dr. Web press release, and let me quote them on that:
“While running, these carrier applications, dubbed Android.MulDrop, Android.MulDrop.1, and Android.MulDrop.2 by Dr.Web, can prompt the user to download the content they need, but their consent initiates the installation of another application rather than the downloading of files. For example, the video player program offers to get the user new adult clips.”
Obviously, Google was made aware of the problem and they are working on it. Given the increasing popularity of Android OS, these kinds of attacks are likely to continue in the future and become more complex and harder to detect.
Android must face the burden of being the king of mobile operating systems; these kinds of attacks come with the territory. The way the cyber-criminals operate is by taking an original, genuine app and injecting malicious software into it. After that, they put it on Google Play, free for download or at a discounted price.
If you’re an Android user, you’re more exposed to these types of criminal activities because, unlike iOS, Android is open-source software, and the Android app stores are also more open.
It is estimated that there are over 1 000 000 infected apps crawling into app stores everywhere, and they all work by signing users up to expensive premium services via SMS, which charge copious amounts of money when sending/receiving short messages.