Google Play Store, the tech giant’s official library for Android apps and games, has again been caught lodging fraudulent and malicious applications, with more than 56 apps, most of them aimed for children, that were already downloaded and installed on over 1.7 million devices.
More Than 56 Apps Filled With Malware on Google Play
Tekya is a group of malware that produces fraudulent clicks on ads and banners from agencies, including Google‘s AdMob, Facebook, Unity, and so on. To make the clicks look real, the well-hidden code caused infected devices to utilize Android’s ‘MotionEvent’ system to mirror legitimate actions.
By the time security researchers from Check Point found them, the apps had gone unnoticed by both Google Play Protect and VirusTotal. Out of the total number of malicious apps, 24 were marketed to children, and Google finally removed all of them after the security firm reported them.
The finding ‘highlights once again that the Google Play Store can still host malicious apps,’ Check Point experts Israel Wernik, Danil Golubenko, and Aviran Hazum wrote in a post published on Tuesday, March 24th.
“There are nearly 3 million apps available from the store, with hundreds of new apps being uploaded daily–making it difficult to check that every single app is safe. Thus, users cannot rely on Google Play’s security measures alone to ensure their devices are protected,” the security researchers said.
Using Native Code to Hide
In order to make the malignant behavior more difficult to identify, the apps were written in native Android code, usually in the C and C++ programming languages. Android apps typically use Java to apply logic, but the interface of that language offers the developers the possibility of accessing more than one layer of abstraction.
By comparison, native language is applied at a much lower level. Although Java can easily be decompiled, it is more difficult to do this with native code. The Check Point firm offers much more technical information on the way the code functions; Google has since confirmed the removal of the apps from its Play Store platform.
More Malicious Apps Were Found
In a separate process, antivirus provider Dr. Web has reported the finding of an undisclosed number of Google Play apps, downloaded more than 700,000 times, which were full of malware, known as Android.Circle.1.
The malware code utilized code based on the BeanShell scripting language and mixed adware with click-fraud campaigns. The malware, which had 18 mods, could be applied in phishing attacks.
Dr. Web did not mention all the apps found to contain Android.Circle.1, but a few of them were detected to be Wallpaper Black – Dark Background, Horoscope 2020 – Zodiac Horoscope, Sweet Meet, Cartoon Camera, and Bubble Shooter. Google has since announced that it deleted all the apps Dr. Web reported as malicious.
Android devices usually uninstall apps after they’re identified to contain malware, but the system doesn’t always function as intended. You may want to check your mobile device to see if it has been infected. As always, we should be incredibly careful and selective with the apps we install.