Trend: 700,000 Bad Android Apps Downloaded From Google Play

Android is proving to be the most attractive mobile platform for attackers, as Trend Micro has spotted 17 “bad” apps on the official Google Play marketplace, which it believes have been downloaded more than 700,000 times.

Trend found 10 apps that were using AirPush to shove “annoying and obtrusive ads” on users’ Android devices, whilst another 6 apps contained the Plankton malware code.

In June last year, Plankton was seen in at least 10 applications on the Android Market (as it was then called) that were subsequently removed by Google. Those dirty apps were on the market for over two months, before anything was flagged.

Plankton connects to a command and control server to leak data and is capable of downloading additional code to do malicious things on Android devices.

Spy game

Another app called Spy Phone PRO+ was deemed as a threat by the security giant, as it had potential for misuse. The application offers to track text messages, calls and locations of the device it is installed on. Users can then access the information via a website. Spy Phone PRO+ has been downloaded over 100,000 times, Trend said in a blog post.

Google told TechWeekEurope it had “removed the apps from Google Play that violate our policies”, but at the time of publication had not said which ones specifically had been killed.

Android users are also being threatened by a website injection campaign that is pushing out Trojans, which are being delivered as fake security products and act in a similar way to Plankton. “This is not a typical drive-by-download whereby the application is automatically installed through an exploit – but rather the user is prompted to install the application after download,” Symantec said in a blog post.

“The payload itself is not very complicated to understand. Not obfuscated; just a few simple proxy and socket routines that can be used by the author of the threat to route traffic from an infected device to an external source.

“The real concern of this threat lies not in its immediate functionality, but in what it is capable of doing on behalf of an external force… Threats like these represent a change in strategies by malware developers, moving away from traditional ‘smash-and-grab’ jobs, like premium-SMS scams, to more sophisticated issues like privacy concerns and the theft of sensitive content used in extortion rackets, click-jacking etc.”

Google’s open model makes it easier for cyber criminals to upload malicious apps, in comparison to more closed approaches like Apple’s with its iOS platform. Google has sought to counter malicious activity on its market, however, introducing the Bouncer malicious app detection tool earlier this year.

Are you a security expert? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago